Mid-Level Cybersecurity Specialist – Assessment and Authorization A&A/RMF

at General Dynamics Information Technology
Location Arlington, VA
Date Posted March 9, 2018
Category Default
Job Type Full-time


Job Description

In this role, you will apply your understanding of computer security, military system specifications, and Department of Defense (DoD) Information Assurance (IA) policies in the execution of all aspects of the systems and their cybersecurity posture. You would be responsible for the DoD Information Assurance Risk Management Framework (DIARMF) and for the implementation of cybersecurity and IA boundary defense techniques and various IA-enabled network technologies and appliances to facilitate certification and security engineering tasks in support of the customer.

You will partner with IT Security Analysts and Enterprise Architects to establish, understand, and adhere to technical and IT security standards. You will be involved in all aspects of the technology life-cycle to ensure that non-functional and functional requirements are adhered to in design and build, so that solutions are stable, secure, resilient, and perform well.

As the Mid-level Assessment and Authorization support, this position will be responsible for planning, developing, and executing automated and manual tests to validate security posture/controls in accordance with DOD 8500.2/8510.01. This position will work directly with teams that support DoD Information Assurance Certification and Accreditation (DIACAP) and Risk Management Framework (RMF). The candidate will analyze current documents and provide detailed reports. The candidate will assist the government with input, instructions, and guidance as needed for the creation of adequate package documentation and artifacts. The candidate will review test plans and procedures to ensure the test plan addresses the correct level of effort and is sufficiently comprehensive to validate all IA requirements applicable to the IT system or site being assessed and accredited. The candidate shall evaluate IA discrepancies and recommend mitigation measures for reducing or eliminating specific risk items. The candidate may also be tasked to engage the JSP CA Liaisons, SCA Reviewers, and ISSMs to discuss and obtain mitigation guidance. Further, the candidate will author DoD IA Assessment and Authorization artifacts and document a system from an IA perspective using Microsoft Office, including MS Visio, MS Word, MS Excel, and other appropriate tools. The position requires a minimum of 5 years of experience in analyzing and securing DoD or Information Technology systems for compliance with specifications, requirements, and policies, including hands-on support under the application of DIACAP / RMF. The candidate must display and convey an understanding of computer security, military system specifications, and DoD IA policies, and the ability to communicate clearly and succinctly in written and oral presentations.

Work under general supervision to provide Cybersecurity engineering documentation services to build secure technical documentation for applications, systems, architectures, and infrastructure that are operationally viable and efficient. Assist with leveraging security policies and procedures to protect the organization’s systems and information while enabling achievement of organization’s objectives. Update and maintain core enterprise lifecycle documents, including system security plan, security assessment plan and report, contingency plan, standard operating procedures, remediation plans, and configuration management plan.

You could also be asked to:

  1. Author DoD IA Assessment and Authorization (A&A) artifacts.
  2. Document a system from an IA perspective.
  3. Derive, document and/or identify system CONOPS for Mission Assurance Categorization per DoDI 8500.2.
  4. Lead the research, recommend and document logical and physical solutions that prevent, detect and correct the system to be certified and accredited.
  5. Research and apply DISA Security Technical Implementation Guides (STIGs) and NSA recommendations.
  6. Lead the identification of disagreements between as built specifications, security requirements and DoD security policies and design implementations to bring the system into compliance.
  7. Plan, develop, execute and document results of security test procedures.
  8. Lead the preparation and execution of an Information Assurance Vulnerability Management (IAVM) Plan.
  9. Lead the preparation and production of a System Security Plan (SSP).
  10. Lead the preparation of a Plan Of Action and Milestones (POA&M)
  11. Lead the technical support effort in identifying and specifying requirements and performing risk assessments.
  12. Lead or Develop Standard Operating Procedures (SOP)
  13. Ensure IT solutions meet requirements for security, availability, capacity, resiliency, and performance in a way that is efficient and supportable, reducing overall support costs.
  14. Understand industry leading solutions and trends for assigned technologies and applying those as appropriate.
  15. Understand business needs and partnering with appropriate IT counterparts to recommend technology solutions.
  16. Establish and maintain an IT multi-year strategy with a focus on continuous improvement. Create and maintain solutions architecture artifacts and other strategy and system documentation.
  17. Use tools such as Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), Junos Space, Cisco Prime and Cisco Adaptive Security Appliance.


Bachelors Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.



  1. 5-8 years of related experience in data security administration.

  2. Current finalized security clearance – Secret (minimum)

  3. Computing environment certification. (Examples – MCSE Server 2012, MCSA Server 2012, MCSE Productivity, Linux+, RHCSA, RHCE, RHCSS, LPIC-1, LPIC-2, Novell Certified Linux Engineer, Oracle Solaris System Administrator (OCA, OCP or OCF), GCUX, BSDA, CSE – Specialty in Networking and Security – HP-UX, etc.)
  4. Certification meeting IAT Level II or Level III or IAM Level II or Level III – Department Of Defense Instruction (DODI) 8570 compliance. (Examples – Security+ CE, SSCP, GSEC, CISSP, CISA, CASP, CISM, GSLC, CAP, CASP, CISM)
  5. Degree in a Computer Science, Engineering or Information Technology related field is desired but not required. Bachelor's degree in Information Technology/Systems or experience. Master's degree preferred.
  6. 4 years of experience in information technology, required.
  7. 1 year lead experience in information technology, required
  8. Experience with computer networking and telecommunication architecture, the OSI model, and communications protocols
  9. Experienced in collaborating with multiple technical teams to drive solutions that are requirement driven.
  10. Experienced in organizing and coordinating deployments of complex systems
  11. Experienced with OS Tier 2 Support in heterogeneous operating system environments (Linux, Windows).
  12. A working knowledge of deployment methodologies and tooling.


  1. Department of Defense Security Clearance of TS/SCI.
  2. Knowledge of multiple database architectures: Cisco, Oracle, Linux, Windows, and VMware.

Preference to those with experience in coordination of:

  1. Management Networks
  2. Out of Band Management
  3. Joint Regional Security Stack (JRSS) implementation
  4. Production Monitoring Environments
  5. Experience in ITIL framework
  6. Experience with conducting internal security reviews/audits of responsible government systems
  7. Ability to work with technical subject matter experts, including hardware and software designers, operations personnel, and test engineers and communicate potential security risks and mitigations.
  8. Ability to develop and present briefings to technical and senior management audiences and communicate assessment results, risk analyses, mitigation strategies, and forward plans.

Special Demands:

  1. Experience with DoD Certification and Accreditation (C&A) process, DoD Authorization & Accreditation including familiarity with Risk Management Framework (RMF) and the process to obtain an Authority to Operate (ATO).
  2. Strong English communication skills with ability to communicate clearly and succinctly in written and oral presentations.


As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.
