Posted today
Secret
Early Career (2+ yrs experience)
Unspecified
IT - Support
Remote/Hybrid•Pensacola, FL (Off-Site/Hybrid)
A&A Specialist
Location: Pensacola, FL / Remote
SUMMARY:
The Senior Assessment and Authorization Specialist will support DISA’s sensing capabilities through the full Risk
Management Framework process. This includes supporting system accreditation, maintaining Authority to
Operate status, performing compliance scans, sustaining accredited baselines, and ensuring all systems remain
fully compliant with DoD cybersecurity policies.
ESSENTIAL FUNCTIONS/RESPONSIBILITIES:
· Develop, update, and maintain RMF documentation including System Security Plans, Security
Assessment Reports, and Plans of Action and Milestones.
· Support achieving and maintaining Authority to Operate status for the life of the contract.
· Review Government findings monthly, identify mitigations, and submit remediation reports.
· Ensure compliance with all applicable STIGs, SRGs, and IAVA requirements for hardware, firmware,
and software.
· Conduct weekly and monthly system compliance scans using approved tools and upload results to DISA
reporting systems.
· Remediate STIG and IAVA findings and apply patches, updates, and workarounds in accordance with
published IAVA notices and directives.
· Maintain DISA CIO accredited baseline configurations for sensing systems in lab and production
environments.
· Ensure deployed systems remain consistent with the authorized baseline unless deviation approval is
obtained.
· Update baseline systems monthly with required patches, fixes, and configuration updates.
· Ensure all hardware is labeled with classification level, inventory control number, hardware identification,
and that cables are labeled for identification.
· Follow standard rack elevations, wiring diagrams, and configuration guidance as directed by the sensing
Program Manager.
· Support continuity of operations, configuration management, operational sustainment, and system
evolution activities.
· Maintain documentation related to configuration control, security compliance, inventory, and
assessments.
REQUIRED EDUCATION, EXPERIENCE, & CERTIFICATIONS:
· Active Secret clearance required
· Bachelor’s Degree in Cybersecurity, Information Technology, Computer Science, or related field;
equivalent experience considered.
· Minimum three (3) to seven (7) years of experience supporting RMF, cybersecurity compliance,
information assurance, or A&A activities.
· Experience developing RMF artifacts including System Security Plans, Security Assessment Reports,
and POA&Ms.
· Experience working with DISA STIGs, IAVA processes, ACAS, Nessus, SCC, and DISA security
compliance systems.
· Experience managing system baseline configurations and maintaining accredited configurations.
· Knowledge of DoD cybersecurity policies including DoDD 8500.1 and DoDI 8510.01.
· DoD 8570 IAT II or IAM I certification required (Security+, CySA+, CISM, CASP, CISSP or equivalent).
· Strong understanding of vulnerability management principles and security control implementation.
· Ability to work both independently and collaboratively in a fast-paced, mission-focused environment.
· Strong written and verbal communication skills with experience supporting cross-functional teams.