The Sponsor’s business environment is fast-paced and dynamic. The Sponsor maintains a network, records system, and other analytical applications to collect and analyze data on the Sponsor’s business operations. The Sponsor’s goal is to improve the integrity and usability of its data collected during its day to day operation. It performs this duty through the development of software systems. The Sponsor requires support specializing in development and maintenance of software that extracts, transforms, and loads data from various data formats into data models. The Sponsor also requires expertise that will appropriately secure those capabilities.
- Information System Security: Work with Sponsor to maintain and implement a strategy for appropriately securing sensitive application, administrative and Sponsor data.
- Address enterprise auditing requirements.
- Provide the appropriate documentation required for the Approval and Authorization (A&A) process.
- Submit appropriate documentation to Sponsor for prior approval.
- Coordinate activities to make sure that mission applications are available to utilize for investigations and assessments.
- Develop and prepare required artifacts for certifications and accreditations submissions in accordance with regulations.
- Use the Sponsor’s Risk Management Framework (RMF) to successfully obtain system accreditation.
- Utilize Sponsors XACTA software to adhere to accepted assessment methodologies and standards.
- Interpret Nessus vulnerability scans and remediate.
- Perform security analyses of network architecture and provide guidance in the development of functional requirements.
- Coordinate accreditation and certification activities with other stakeholders.
- Maintain baseline functional specifications and standards for deployed systems.
- Maintain baseline technical specifications and standards for deployed systems.
- Coordinate with stakeholders to ensure problem and issue resolution.
- Manage and update the master support schedule.
- Demonstrated experience understanding Risk Management Framework (RMF).
- Demonstrated experience navigating RMF processes in order to achieve Authorization to Proceed.
- Demonstrated experience understanding AWS.
- Demonstrated experience understanding the system development lifecycle.
- Demonstrated experience operating vulnerability assessment tools such as Roadrunner, Nessus, Webnspect, or AppDetective, and analyzing the results produced by those tools.
- Demonstrated experience understanding systems development data requirements gathering.
- Demonstrated experience analyzing systems and networks for development.
- Demonstrated experience with documentation preparation for systems development.
- Demonstrated experience using XACTA.
- Demonstrated experience with Sponsors current XACTA software.
- Demonstrated experience with the full software development lifecycle.
- Demonstrated experience accrediting cloud applications.
- Demonstrated experience providing information security guidance to the organization throughout the system lifecycle.
- Demonstrated experience with the Sponsor’s accreditation process.
- Demonstrated experience providing recommendations in technical standards, security standards, and operational assurance.
- Demonstrated experience interfacing with vendors and third party producers.
- Desired Certifications: Certified Information Systems Security Professional (CISSP) certification
- Full Scope Polygraph minimum