Understand system architecture to maintain a posture compliant with DoD’s RMF A&A process
Interpret and implement DoD IT security policies and compliance measures.
Identify appropriate RMF controls for various types of systems to include classified and unclassified systems.
Interface with other IA support staff to coordinate RMF A&A activities
Monitor computer usage and audit logs to ensure compliance with IA controls and reporting.
Ensure continuous understanding of operation status and vulnerabilities.
Prepare, review and process accreditation packages in accordance with established security plan.
Initiate requests for temporary and permanent exceptions, deviations, or waivers to IA requirements
Assure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organization’s mission and goals.
Define and/or implement policies and procedures to ensure protection of critical infrastructure (as appropriate)
Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
Ensure that IA inspections, tests, and reviews are coordinated for the network environment.
Ensure that IA requirements are integrated into the continuity planning for that system and/or organization(s)
Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level IA architecture.
Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
Evaluate cost-benefit, economic, and risk analysis in the decision-making process.
Identify security requirements specific to an IT system in all phases of the System Life Cycle
Participate in an information security risk assessment during the Security Assessment and Authorization process
Participate in the acquisition process as necessary, following appropriate supply chain risk management practices.
Participate in the development or modification of the computer environment IA security program plans and requirements.
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.
Recognize a possible security violation and take appropriate action to report the incident, as required.
Recommend resource allocations required to securely operate and maintain an organization.
Supervise or manage protective or corrective measures when an IA incident or vulnerability is discovered.
B.S. in Information Systems or equivalent with a minimum of 8 years’ experience with RMF IA process/tasks OR A.S. with a minimum of 10 years’ experience with RMF IA process/tasks OR High School with a minimum of 16 years’ experience with RMF IA process/tasks.
Working knowledge of NIST 800-53 controls, overlays, and inheritance
Working knowledge of eMASS
Excellent communication skills to defend and discuss accreditation packages with approving officials.
Must have Security+ certification.
Must have or be able to acquire and maintain a security clearance at the secret or TS level.
Knowledge of PC operating systems and servers.
Knowledge or experience with cyber security tools (Splunk, HBSS, ACAS, Nessus, etc.)
Minimum Secret Clearance – Top Secret Clearance preferred