Senior Information Assurance/Security Specialist
US Citizen Required
Information Assurance/Security Specialist (Master) Public Trust Clearance
Applicants must be able to demonstrate in their resume experience with all of the following:
The candidate will review, coordinate, and recommend IA standards and protocols for application in accordance with Department of Defense (DoD) policy and supporting documentation as specified in the individual tasks. The candidate will ensure compliance with applicable DoD and DMDC information technology and security requirements, policies, procedures and standards.
1. The candidate will comply with current and future DMDC and DoD IA architectures, policies, programs, standards and guidelines, including but not limited to:
o IA policies and DoD Directive 8500.1, Information Assurance;
o DoD Instruction 8500.2, Information Assurance (IA) Implementation;
o Security Technical Implementation Guides (STIGs);
o Global Information Grid (GIG) Concept of Operations (CONOPS);
o IA Technical Framework;
o DII Common Operating Environment (COE);
o DoDI 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP) – Final;
o DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology;
o DLA IA Handbook; DLA Computer Incident Response and;
2. Certification and Accreditation Process Execution
o The candidate shall have extensive knowledge of the DoD Information Assurance Certification and Accreditation Process (DIACAP) and the Risk Management Framework (RMF) process. In addition, the candidate shall possess in-depth knowledge of general certification and accreditation principles as stated in NIST SP 800-37, SP 800-53 and SP 800-122.
3. Process Support
o The candidate will provide support to include:
1. Support the DBIDS and RAPIDS programs in the implementation of the DIACAP/RMF process
2. Participate in IA process activities:
- Review the SI's IA products and, as appropriate, assist with documenting the results of those activities
- Assist the SI with obtaining Interim Authority to Test (IATT), Interim Authority to Operate (IATO) and Authority to Operate (ATO) decisions, and with the submission of DIACAP/RMF packages throughout the system's development lifecycle
- Track incomplete DIACAP/RMF packages and completed accreditations (IATO and ATO) through the HQ DLA review and approval process
4. Analysis Support
o The candidate will perform analyses to validate established security requirements and to recommend additional security requirements. This shall include:
1. Analyze the DIACAP/RMF package, assess the adequacy of the required protective measures, assess residual risk, and provide support to determine the readiness of the system for accreditation.
2. For detected vulnerabilities that could preclude accreditation, recommend management, operational, or technical controls, including human procedures, software configuration parameters, system changes, or combinations thereof, to mitigate the risk associated with the vulnerability.
- Perform technical reviews of documented security certification results, normally submitted in the DIACAP/RMF format, to assess their completeness and identify system vulnerabilities and weaknesses.
3. Perform security certification and accreditation reviews, and verify and validate implementation of DoDI 8500.2 controls based on the Mission Assurance Category (MAC) and data sensitivity (confidentiality) levels.
4. Verify compliance with DoDI 8510.01 (DIACAP), DoDI 8510.01 (RMF) and DLA policy requirements.
5. Analyze vulnerability scans, Security Readiness Review (SRR) results, STIG compliance and deficiencies of all forms identified during internal and external IA reviews. The candidate will ensure that deficiencies and vulnerabilities are entered in a Plan of Action and Milestones (POA&M) and tracked until the Government has implemented adequate mitigation measures.
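As an added example of the POA&M tracking described in item 5 (this is not part of the posting and not DLA or DMDC tooling): a Python script that pulls Open findings from a simplified STIG Viewer checklist (.ckl) fragment and from a generic scanner CSV export, opens one POA&M item per weakness with a CAT level and a remediation window, and closes items when a re-assessment of that source no longer reports them. The checklist fragment, V-numbers, CSV column names and remediation windows are constructed assumptions, not DoD or DLA values.

```python
"""Added example: build and reconcile a POA&M from STIG checklist and scan
findings. All sample data below is constructed; element names follow the
STIG Viewer .ckl layout but the content is placeholder."""
import csv
import io
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# STIG Viewer severity words mapped to DoD CAT levels.
SEVERITY_TO_CAT = {"high": "CAT I", "medium": "CAT II", "low": "CAT III"}
# Assumed remediation windows per CAT; illustrative, not a DoD or DLA rule.
DAYS_TO_REMEDIATE = {"CAT I": 30, "CAT II": 90, "CAT III": 180}

# Constructed, simplified checklist; V-numbers and rule titles are placeholders.
SAMPLE_CKL = """<CHECKLIST><STIGS><iSTIG>
<VULN>
 <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-100001</ATTRIBUTE_DATA></STIG_DATA>
 <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>high</ATTRIBUTE_DATA></STIG_DATA>
 <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Placeholder CAT I rule</ATTRIBUTE_DATA></STIG_DATA>
 <STATUS>Open</STATUS>
</VULN>
<VULN>
 <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-100002</ATTRIBUTE_DATA></STIG_DATA>
 <STIG_DATA><VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE><ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA></STIG_DATA>
 <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Placeholder CAT II rule</ATTRIBUTE_DATA></STIG_DATA>
 <STATUS>NotAFinding</STATUS>
</VULN>
</iSTIG></STIGS></CHECKLIST>"""

# Constructed scanner export; the column layout is an assumption.
SAMPLE_SCAN_CSV = """host,finding_id,severity,title
app01,SCAN-0007,high,Placeholder scanner finding
"""


@dataclass
class PoamItem:
    weakness_id: str
    source: str
    cat: str
    description: str
    detected: date
    scheduled_completion: date
    status: str = "Ongoing"
    completed: Optional[date] = None


def ckl_open_findings(xml_text):
    """Return (source, id, severity, title) for every VULN whose STATUS is Open."""
    out = []
    for vuln in ET.fromstring(xml_text).iter("VULN"):
        attrs = {d.findtext("VULN_ATTRIBUTE"): d.findtext("ATTRIBUTE_DATA")
                 for d in vuln.findall("STIG_DATA")}
        if vuln.findtext("STATUS") == "Open":
            out.append(("STIG", attrs["Vuln_Num"], attrs["Severity"], attrs["Rule_Title"]))
    return out


def scan_findings(csv_text):
    """Same tuple shape for scanner rows; host is folded into the weakness id."""
    return [("Scan", f"{r['host']}:{r['finding_id']}", r["severity"], r["title"])
            for r in csv.DictReader(io.StringIO(csv_text))]


def reconcile(poam, findings, as_of, reassessed_sources):
    """Open an item for each new finding; close Ongoing items from a source that
    was re-assessed on this date and no longer reports them."""
    seen = set()
    for source, fid, severity, title in findings:
        seen.add(fid)
        if fid not in poam:
            cat = SEVERITY_TO_CAT[severity.lower()]
            poam[fid] = PoamItem(fid, source, cat, title, as_of,
                                 as_of + timedelta(days=DAYS_TO_REMEDIATE[cat]))
    for item in poam.values():
        if (item.status == "Ongoing" and item.source in reassessed_sources
                and item.weakness_id not in seen):
            item.status, item.completed = "Completed", as_of
    return poam


def overdue(poam, as_of):
    """Weakness ids still Ongoing past their scheduled completion date."""
    return sorted(i.weakness_id for i in poam.values()
                  if i.status == "Ongoing" and as_of > i.scheduled_completion)


def demo():
    poam = {}
    day0 = date(2024, 1, 10)
    reconcile(poam, ckl_open_findings(SAMPLE_CKL) + scan_findings(SAMPLE_SCAN_CSV),
              day0, {"STIG", "Scan"})
    # Re-assessment 45 days later: the STIG finding is fixed; the scan was not rerun.
    fixed_ckl = SAMPLE_CKL.replace("<STATUS>Open</STATUS>", "<STATUS>NotAFinding</STATUS>")
    day45 = day0 + timedelta(days=45)
    reconcile(poam, ckl_open_findings(fixed_ckl), day45, {"STIG"})
    return poam, overdue(poam, day45)


if __name__ == "__main__":
    items, late = demo()
    for item in items.values():
        print(item)
    print("overdue:", late)
```

The reassessed_sources argument matters: a POA&M item is closed only when the source that raised it has been re-run and no longer reports the weakness, so a day when only the checklist was updated does not silently close scanner findings, and the scanner's CAT I item correctly shows as overdue.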
5. IA General Support
o The candidate will provide general IA engineering capabilities and services per individual tasks. General support includes:
1. Participating in Integrated Product Teams (IPTs), working group meetings, design reviews, specific project meetings and other meetings
2. Providing minutes of meetings
3. Providing security engineering recommendations, formal and informal
4. Responding to action items
5. Reviewing documents and providing comments
6. Providing briefings at meetings or to specific audiences
7. Supporting other regular program activities