Information Systems Architect Mid

ULU HI-TECH, INC.•Honolulu, HI

2d•Onsite

About The Position

The Information Systems Architect Mid will assist the Government Lead in daily tasks to ensure all systems have current Authorizations to Operate (ATOs). This role facilitates Assessment and Authorization (A&A) for Information Systems, focusing on data availability, integrity, authentication, and non-repudiation. Through A&A review processes, the architect ensures security measures are implemented for communication systems and networks, and provides advice that systems and personnel adhere to established security standards and Governmental requirements. The position involves developing and executing security policies, plans, and procedures, initiating and maintaining A&A packages, and updating relevant documentation for systems like DON DADMS and DITPR-DON. The role also includes submitting Ports and Protocols for approval, initiating actions for cybersecurity divisions, and ensuring timely responses from relevant points of contact. Additionally, the architect will assist with validation of A&A packages, review and provide input for Operational Plan of Action and Milestones (POA&M), and conduct vulnerability scans using ACAS, assisting engineers in documenting system vulnerabilities. Vulnerability management duties include using various scanning tools and documenting findings in RSA Archer eGRC.

Requirements

Experience with Department of Defense Information Assurance Program (DIACAP) and Risk Management Framework (RMF).
Must possess Information Technology Infrastructure Library (ITIL) version 3 Foundation certification.
IAT Level II certification.
Active Secret Clearance (T3 Investigation).

Responsibilities

Assist the Government Lead in daily tasks to ensure all systems have current Authorizations to Operate (ATOs).
Facilitate Assessment and Authorization (A&A) for Information Systems, data availability, integrity, authentication, confidentiality, and non-repudiation.
Ensure security measures are implemented for communication systems, networks, and provide advice that systems and personnel adhere to established security standards and Governmental requirements for security on these systems.
Develop and execute security policies, plans, and procedures.
Initiate creation of A&A packages to support receipt of Authorizations to Operate (ATOs), collaborate with Engineers to gather required information for A&A packages, and update A&A packages as required.
Perform lifecycle maintenance of A&A packages ensuring ATOs do not expire without proper updates.
Update the appropriate documentation for Department of the Navy (DON) Application & Database Management System (DADMS) and Department of Defense Information Technology Portfolio Repository - Department of the Navy (DITPR-DON).
Submit Ports and Protocols with all supplemental documentation to DISA for approval.
Submit tickets to initiate action from Headquarters Marine Corps (HQMC) Command, Control, Communications, and Computers (C4) Cybersecurity Division (CY) for approval.
Ensure appropriate action is taken in a timely manner by appropriate point of contact (POC) within the A&A packages.
Assist with validation of A&A packages as required by the Government.
Review and provide input for Operational Plan of Action and Milestones (POA&M) for submission to Action Officer (AO).
Conduct vulnerability scans using Assured Compliance Assessment Solution (ACAS) and assist Engineers in documenting system vulnerabilities.
Using Tenable SecurityCenter and Nessus scanners, RedSeal, BigFix, Security Content Automation Protocol (SCAP) Compliance Checker (SCC) Tool, HP Fortify, other automated tools, and manual inspections to identify vulnerabilities.
Documenting vulnerabilities in the RSA Archer eGRC system; reporting vulnerability statistics.