Information Assurance and Security, Advisor

About The Position

Requirements

• BA/BS 8 Years, MS 6, PhD 3, 9-12 years of experience with HS diploma
• Must be a US citizen
• Must have a active Secret clearance
• Technical writing experience, must have strong technical writing skills
• Experience in working with the Risk Management Framework (RMF).
• Experience working with NIST SP 800-53.
• Experience in working with DOW systems in helping the customer achieve successful ATO decisions.
• Experience using eMASS, including managing artifacts, maintaining the Implementation Plan, and writing test results.
• Experience performing Risk Management Framework RMF requirements analysis.
• Experience applying STIGs to web applications, databases, operating systems, and network devices.
• Experience supporting incident response processes.
• Strong understanding of information system and network design concepts.
• Experience in creating and maintaining ATO/RMF documentation, to include: Hardware/Software Lists, Network Architecture Diagrams, Audit Logs, Privacy Impact Assessments, PPSM, DMDC/CSD Required Forms, SonaType/Fortify scans, StackRox scans, BURP Scans, ASD STIG checklists.
• Experience in creating and updating any POA&Ms in eMASS.
• Compliant with contract specified roles mapped to DoD 8140 required certifications (e.g., Security+, CISSP, CISM).

Responsibilities

• Works in accordance with the Transition-In plan and in coordination with the Knowledge Transfer Team.
• Ensures that all required knowledge, artifacts, and repositories associated with Cyber Security requirements for DVASP and related COTS and GOTS have been transitioned.
• Responsible for receiving the current status of all Cyber Engineers' efforts and the status of the RMF process for each workstream.
• Coordinates with the Cybersecurity Division to validate the current status of each workstream to include ATO, POA&M and pending remediation actions.
• Responsible for ensuring all cyber security information has been successfully transitioned to the assigned work stream lead. In the absence of a workstream lead, accepts information associated with the workstream.
• Supports the Knowledge Transfer Lead in Knowledge Transfer activities related to Information Assurance.
• Shares responsibility for Knowledge Transfer activities and program status acceptance.
• Validates Knowledge Transfer Plan details with the Knowledge Transfer Lead to make sure all IA related project artifacts, schedules, work products, and knowledge repositories have been transferred.
• Develop, update, and maintain DVASP IA Policies and Standard Operating Procedures (SOPs) that align with RMF and other requirements.
• Update and maintain the DVASP System Security Plan (SSP) and Implementation Plan in eMASS in compliance with government requirements.
• Update and maintain key Risk Management Framework (RMF) compliance artifacts including the DVASP Hardware/Software list, Ports, Protocols, and Services Management (PPSM) Bulk Upload spreadsheet, Security Technical Implementation Guide (STIG) checklists, network diagrams, and other artifacts in compliance with government requirements.
• Support DoD RMF continuous monitoring requirements and update test results annually in eMASS in compliance with government requirements.
• Support IA compliance status reporting.
• Support the DVASP Cyber hardening application release approval process including using Fortify Software Security Center (SSC) to generate POA&Ms and track new findings.

Benefits

• Employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.