Yesterday
Top Secret
Mid Level Career (5+ yrs experience)
IT - Security
Fort Belvoir, VA (On-Site/Office)
iGov is seeking a highly skilled and experienced Cyber Security Assessment and Authorization SME to serve as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures.
If this sounds like you, please apply!
This position is contingent upon award
Essential Responsibilities:
• Serve as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures.
• Perform a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization.
• Help apply the security controls identified in NIST 800-53 to the process of assessing and authorizing DLA’s IT infrastructure. Appropriately tailor these controls to DLA’s compilation of large and small enclaves, AIS applications and outsourced IT processes.
• Perform technical reviews of security certification results, assess the adequacy of protective measures, evaluate residual risk, and determine the applicable severity value for identified vulnerabilities and their potential impact on system authorization (e.g., non-compliant security control), including future authorization.
• Support all steps of the RMF process as defined in DoDI 8510.01, using NIST 800-53 controls and tools like eMASS.
• Brief senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.
• Support developing and validating Plan of Action and Milestones (POA&Ms) for items not in compliance to ensure they adequately address A&A requirements.
• Ensure adherence to cybersecurity policies, procedures, and processes. This includes supporting "Federal Information Security Management Act (FISMA) Tracking and Reporting" requirements and ensuring all necessary documentation and artifacts are updated and stored correctly for A&A purposes.
• Advise on the A&A implications of emerging technology areas such as Cloud, Industrial Control Systems (ICS), and Operational Technology (OT) infrastructures, and contribute to assessing the DoD Zero Trust Reference Architecture and any gap analysis impacting hosting.
• Analyze findings from "Command Cyber Readiness Inspections (CCRI)" and "Penetration Testing Support", assessing their impact on the system's authorization posture.
• Assist in developing and reviewing critical A&A documentation, such as System Security Plans (SSPs) for "Controlled Unclassified Information (CUI)" protection, security plans, and test results for RMF controls. Also contribute to broader "Compliance Documentation".
• Perform duties as a Computer Emergency Response Team (CERT) Analyst.
Essential Required Experience & Skills:
• Five (5) years of relevant Risk Management Framework (RMF) and NIST A&A experience.
• DOD cybersecurity experience.
• Experience in assessing security controls and conducting authorization reviews for large, complex organizations.
• Experienced in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures, and processes.
• Knowledgeable in the cybersecurity of emerging technology areas such as Cloud and Industrial Control Systems (ICSs), warehouse execution systems and Operational Technology (OT) infrastructures.
• DOD Secret Clearance and must possess IT-II Non-Critical Sensitive security clearance or Tier 3 (T3) at time of proposal submission.
• CERT Personnel: Any team member assigned duties at DLA CERT shall possess a DOD TOP SECRET Clearance and must possess IT-I Critical Sensitive security clearance or Tier 5 (T5) at time of proposal submission.
Educational Requirements:
• DoD Approved 8570 Baseline Certification: Category IAM Level III.
• Any team member assigned duties as DLA CERT Analyst will maintain CSSP-Analyst Certification.
EEO: M/F/D/V