Performs duties as related to Authorization and Accreditation (A&A) and the Risk Management Framework (RMF) lifecycle. Supports the development, review and management of certification and accreditation documentation to ensure it is compliant with RMF standards. Develops guidance and assists associates through the RMF phases.
Performs Risk Management and testing of Federal Information System Controls Audit Manual (FISCAM) and RMF controls in order to maintain the information system’s security posture. Maintains system accreditation status, develops reports, and alerts system proponents when accreditation documentation must be updated.
Supports the organization’s program that implements information systems security technology and procedures, to include access control and authentication of users and transmitted information. Prepares, distributes, and maintains plans, instructions, guidance, and standard operating procedures (SOPs) on the security of information systems.
Conducts system vulnerability (i.e. ACAS) and STIG compliance scanning, as well as, reviews, and analyzes vulnerability status reports. Reviews threats and vulnerabilities to assess risks, and determines effective measures to minimize such risks. Identifies resources to be protected. Recommends security mitigation actions to improve the security posture of PM systems
Reviews Army and DoD policy and develops local policy and procedures that implement the Army and DoD’s Information Assurance subprograms and initiatives. Reviews and evaluates system and network changes for cybersecurity impact and effect on confidentiality, integrity, availability and overall system security posture.
• Bachelor’s Degree in Cyber Security, Engineering, IT or related technical field
• Experience with ERP programs, HBSS, Fortify, and ACAS/Retina/Nessus
• Experience with eMASS
• Active US Secret security clearance required
• At least 7 years of relevant experience required
• DoD 8570.01-Manual IAM Level III baseline certification
- Crystal City, Virginia, United States
- November 9, 2016
- Cybersecurity Analyst
- Security Engineer
- 5-7 Years