AISSO III

Alpha Omega Integration | Kearneysville, WV
39d | $86,000 - $113,000 | Hybrid

About The Position

Alpha Omega is looking for a focused, driven self-starter to work in a highly dynamic, cross-functional, complex IT environment. The Alternate Information System Security Officer (AISSO) will represent the ISSO as the IA liaison to assigned Information Systems (IS), Cloud Systems, Platform Information Technology (PIT), and Platform Information Technology Systems (PITS); the candidate will interface with the ISSO, system stakeholders, and upstream and downstream assessment stakeholders to perform security duties. The AISSO is responsible for helping assigned systems achieve and maintain their Authority to Operate (ATO) or Platform Information Technology Approval (PITA). All supported system missions include supporting national security and search and rescue missions. These systems operate across various technology platforms and environments, including DevSecOps, Cloud, and traditional data centers. The AISSO reports directly to Team Leads and the Project Manager, while independently engaging in enterprise and system-level cybersecurity-related engineering tasks. The successful candidate should have: experience performing assessment-related tasks; expert verbal and written communication skills; ability to interpret NIST and DoD guidance; and experience with industry tools, such as STIG viewer, ACAS, and eMASS.

Requirements

  • Five (5) years of related experience
  • Fully qualified, by qualification standards and requirements in accordance with DoDD 8140.01 and DoDM 8140.03, DCWF Reference 511, 622, 722, Level II/Level III
  • Experience implementing or assessing DISA STIGs
  • Experience with RMF workflow
  • Experience with industry tools, such as STIG viewer, ACAS, and eMASS

Nice To Haves

  • Fully qualified, by qualification standards and requirements in accordance with DoDD 8140.01 and DoDM 8140.03, DCWF Reference 511, 622, 722, Level III
  • CISSP or CISM certification in good standing
  • Bachelor’s degree or higher in Cybersecurity/IT
  • Familiarity with overlays, including CFO, Privacy, Facility, and NSS
  • Experience and familiarity with DevSecOps principles, especially secure coding best practices
  • Experience with Cloud-based (FedRAMP) system authorization

Responsibilities

  • Conduct focused compliance assessments for information systems according to guidance from NIST, OMB, DoD, DHS, FISMA, and internal policies.
  • Identify common and inheritable security control applicability across a variety of platforms and applications.
  • Analyze DoD Security Technical Implementation Guides (STIGs) implementation compliance and associate checklists to NIST SP 800-53 security controls.
  • Conduct comprehensive manual security control testing, document examination, and staff interviews for security controls not covered by STIGs or inheritance.
  • Analyze scan results from scanning tools (Nessus, SIEM, ACAS, and so forth) to identify additional information system vulnerabilities; verify scans against approved hardware/software and server lists to identify where gaps exist.
  • Plan, develop, finalize, and review key deliverables at each stage of the Assessment & Authorization (A&A) project using applicable DoD and DHS tools and guidance.
  • Prepare and track POA&Ms in eMASS for items that are out of compliance; identify risks and remediation recommendations.
  • Manage project expectations to ensure requirements are understood and agreed upon by stakeholders.
  • Assess proposed changes to information systems; identify risks of the proposed change and whether the proposed change affects the system ATO or FIPS categorization level.
  • Develop, review, and reconcile IA security policies, standards, guidelines, procedures, and other technical documentation.
  • Perform research to ensure knowledge proficiency remains aligned to technologies and industry best practices.
  • Identify and recommend process improvements relating to the A&A process and/or established guidelines.
  • Work closely with stakeholders to ensure information system A&A efforts are completed within stated deadlines.
  • Engage constructively within the team to identify and resolve challenges or exploit opportunities.
  • MUST possess excellent verbal and written communication skills.
  • MUST be comfortable discussing (both verbally and in writing) status and risks/project impacts with all levels of management and project stakeholders.
  • Ability to interpret NIST and DoD guidance.
  • Possess familiarity with FedRAMP inheritable controls and cloud-based security principles.

Benefits

  • PTO including paid parental, military, and bereavement leave
  • Eleven (11) paid Federal holidays, five of which are floating holidays (as designated by the company’s holiday schedule each year)
  • Health and Dental Insurance (including 100% employer paid premiums for employee coverage under the HDHP health plan)
  • Life Insurance, STD/LTD term disability coverage, with employer paid premiums
  • 401(k) plan with a match that is 100% vested after you complete two years of service
  • FSA/DFSA/HSA flexible benefit plans
  • Annual Tuition & Professional Development Reimbursement benefit