A&A Security Control Assessor Manager

About The Position

Requirements

• Bachelor's degree or higher. Can be substituted for associate's degree with 2+ years of relevant experience OR
• High school diploma or GED equivalent with 4+ years relevant experience.
• 12+ years relevant experience.
• DOD 8140 IAM Level II (CAP, CASP, CISM, CISSP, GSLC, CCISO).
• Top-Secret Clearance with SCI eligibility is required.
• Performing work onsite is required.
• Experience with DARPA network environments and research systems
• Knowledge of specialized government network architectures (SIPR, NIPR, etc.)
• Background in network penetration testing or vulnerability assessment
• Experience conducting assessments on DOD environments
• Background in system engineering or network architecture
• Familiarity with automated risk assessment tools and methodologies
• Working knowledge of DOD Cybersecurity Regulations to include: <li>(U) NIST Federal Information Processing Standard Publication (FIPS) No. 199 "Standards for Security Categorization of Federal Information and Information Systems", February 2004 (U) NIST Federal Information Processing Standard Publication (FIPS) No. 200 "Minimum Security requirements for Federal Information and Information Systems", March 2006 (U) NIST Special Publication 800-59 "Guideline for Identifying an Information System as a National Security System", August 2003 (U) NIST Special Publication 800-60, Volumes I-II, Revision 1, "Guide for Mapping Types of Information and Information System to Security Categories", August 2008 (U) Committee on National Security Systems Instruction (CNSSI) No. 1253, "Security Categorization and Control Selections for National Security Systems," current edition (U) NIST Special Publication 800-53, "Security and Privacy Controls for Federal Information Systems and Organizations," current edition (U) DoD Instruction 8510.01, "Risk Management Framework (RMF) for DoD Information Technology (IT),

Responsibilities

• Review and assess Authorization to Operate and Authorization to Connect (ATC) packages for system interconnections
• Evaluate security controls for proposed system connections and data flows
• Conduct risk assessments for interconnection agreements between systems
• Develop and maintain System Interconnection Agreements (SIA)
• Coordinate with network architects and system administrators on secure connection requirements
• Assess the impact of proposed connections on existing security authorizations
• Document connection-specific security controls and monitoring requirements
• Support the development of network security architectures
• Maintain inventory of authorized system connections and their security status
• Provide technical guidance on secure network design and implementation
• Support incident response activities related to network security events
• Process authorized file transfers (AFTs)
• Supports the technical office as a cybersecurity advisor on processing connections to enterprise systems
• Review and evaluate comprehensive Connection Approval Packages (CAP)
• Assess proposed system architectures for security control implementation
• Conduct detailed security control assessments for interconnecting systems
• Develop risk calculations and scoring for CAP packages
• Develop assessment methodologies
• Coordinate with multiple stakeholders, including system owners, network administrators, and authorizing officials
• Ensure compliance with DoD 8510 RMF requirements for system connections
• Review security documentation, including System Security Plans, risk assessments, and contingency plans
• Provide technical recommendations for connection approval or conditional approval
• Support the development of connection-specific monitoring strategies
• Maintain documentation of approved connections and their security posture
• Participate in connection approval boards and technical review meetings
• Other duties as assigned.