2701 - Assessment & Authorization Specialist

Herndon, Virginia
Full Scope Polygraph

OVERVIEW:

The Assessment & Authorization Specialist will be required to provide Certification and Accreditation support to advise and assist the stakeholders with the Lifecycle Assessment and Authorization (A&A) process, and develop a Systems Security Plan (SSP).

REQUIRED QUALIFICATIONS:

  • Concentrate on overall technical and operational effectiveness of capabilities in coordination with the GTM and the Customer Staff management.
  • Responsible for assisting and maintaining a formal Information Security Program that includes recommendations on continuous improvement of the processes and architectures supporting the overall Customer’s operational activities.
  • Concentrate on overall technical and operational effectiveness of capabilities in coordination with the designated Customer's staff management.
  • Maintain and make accessible documentation of all operational and business process activities in the form of Standard Operating Procedures (SOPs).
  • Be responsible for assisting and maintaining a formal Information Security Program with their stakeholders.
  • Monitor and track projects in the A&A queue.
  • Analyze SSPs to develop an understanding of the customer's systems and applications.
  • Coordinate A&A actions and system testing with appropriate security personnel.
  • Develop risk assessments, recommend mitigating countermeasures, and write short, succinct risk assessment and certification reports for submission to the Chief Information Officer (CIO).
  • Act as an A&A project registrar.
  • Manage the A&A registration process.
  • Maintain a document repository where A&A project documentation is stored and recorded, and register actions concerning project approvals to operate in the A&A database.
  • Assemble and submit A&A packages to the Principal Accreditation Authority or Designated Accreditation Authority.
  • Support the Customer’s product selection process, approving product changes and modifications.
  • Review and approve product requests for procurements to ensure they meet the Customer's security requirements.
  • Engage in technical meetings during the Customer’s project engineering process to provide security guidance in terms of policy and technical implementation of those policies.
  • Produce and assist with production of technical artifacts required for A&A packages, including written documentation such as the System Security Plan, Audit Strategy, Configuration Management Plan, Security Controls Traceability Matrix, and Project Plan of Action and Milestones.
  • Monitor and address cyber risks such as malware, zero-day attacks, denial of service attacks, as well as associated mitigations regarding computer and network devices.

REQUIRED QUALIFICATIONS:

  • Bachelor’s degree in management information systems, information assurance, computer engineering, or other closely related IT and cybersecurity discipline or equivalent work experience.
  • Demonstrated experience in the Risk Management Framework (RMF) methodology.
  • Demonstrated experience managing document repositories and databases.
  • Demonstrated experience in the use of process tracking and document control software.
  • Demonstrated experience with writing, communications, and briefing skills.
  • Demonstrated experience providing technical guidance and oversight to both technical and non-technical senior-level personnel.
  • Demonstrated experience organizing, planning and prioritizing multiple tasks to complete work on schedule.
  • Demonstrated experience in INFOSEC policies, regulations, and guidance.
  • Demonstrated experience with cyber risks such as malware, zero-day attacks, denial of service attacks, as well as associated mitigations regarding computer and network devices.
  • Demonstrated pattern of excellent customer service skills and the ability to collaborate with customers at all levels.

DESIRED QUALIFICATIONS:

  • Demonstrated experience with the Customer’s A&A process.
  • Certified Information Systems Security Professional (CISSP).
  • Demonstrated knowledge of the Customer’s standard project cycle.
  • Demonstrated experience with the Customer’s diverse information technology infrastructure, including operating systems, major application systems, and network architecture.

CLEARANCE:

  • Full Scope Polygraph minimum