Key member of a team providing support for the US Army Identity Credential and Access Management (ICAM) Services contract supporting systems on both Non-classified Internet Protocol (IP) Router Network (NIPRNet) and Secret Internet Protocol Router Network (SIPRNet). Responsible for performing and leading support of Certification and Accreditation (C&A) or other IA/CND Compliance and Auditing processes and inspections for all enterprise systems and networks; ensures validity and accuracy review of all associated documentation. Leads and performs compliance reviews of computer security plans, performs risk assessments, and validates and performs security test evaluations and audits. Analyzes and defines security requirements for information protection for enterprise systems and networks. Assists in the development of security policies. Analyzes the sensitivity of information and performs vulnerability and risk assessments based on defined sensitivity and information flow.
Key Tasks and Responsibilities
- Provide and execute Cybersecurity (CS) and Information Assurance (IA) planning, operations, including remediation, application of Information Assurance Verification Management (IAVM) and patches, vulnerability management, patch management, security engineering, reporting and support certification and assessment and authorization activities.
- Comply with National Institute of Standards and Technology (NIST) Special Publication 800-53 (current revision) and all other DoD and Army CS/IA regulations, policies, Security Technical Implementation Guide (STIG) and other directives.
- Ensure all ICAM systems are IAVM and STIG compliant.
- Assist with the migration of the ICAM solution to the cloud.
- Monitor the ICAM applications to ensure that all security incidents and events are received by the Security Information and Event Management (SIEM) system within host data center and alerts provided to the Government that includes but is not limited to the following areas:
- Tracking the availability of the system and its component elements
- Maintaining performance to ensure that the through-put of the system does not degrade unexpectedly as the volume of work increases
- Protecting the privacy and security of the system, users, and their associated data
- Tracking the operations that are performed for auditing or regulatory purposes
- Monitor the day-to-day usage of the system and spotting trends that might lead to problems if they are not proactively addressed
- Tracking issues that occur, from initial report through to analysis of possible causes, rectification, consequent software updates, and deployment
- Tracing operations and debugging software releases
- Provide dedicated Assessment and Authorization (A&A) Support Services (e.g., Risk Management Framework (RMF)).
- Maintain systems that can be certified and accredited in accordance with Army and DoD Security Requirements and Policy.
- Develop and maintain Certification and Security Packages for each accreditation, to include but not limited to, System Security Plan (SSP), Risk Management Framework (RMF), POA&M, System Topology, Hardware and Software List and all necessary articles/artifacts to fulfill the package, as required.
- Address all aspects of control implementation and fulfill the “RMF Practitioner” role as defined in DoDI 8510.01.
Education & Experience
- MA/MS degree with 10+ years relevant experience (BA/BS degree and 12+ years can substitute).
- Experienced in Risk Management Framework accreditation process, and Cloud Migration analysis, preparation, certification and monitoring is required.
- Relevant industry certifications are desired.
- DoD Secret clearance is required
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
- Telework may be allowed.
- Some travel may be required to support contract requirements.
EOE AA M/F/Vet/Disability
EEO is the Law: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf
DoD 8570.01.M: http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf