Cyber Security Authorization & Accreditation

at Quantech Services
Published July 7, 2020
Location Colorado Springs, CO
Job Type Full-time  

Description

  • Ensure alignment of cybersecurity requirements in the technical baselines, the system security architecture, information flows, design, and the security controls by participating in appropriate meetings
  • Evaluate changes and provide inputs to root cause analysis and recommended solutions; determine the security impacts of proposed or actual changes to the system, environment, threats, and vulnerabilities; and document any resulting changes/revisions to the system’s RMF artifacts in written reports
  • Review and provide system or environment changes to ensure proper cybersecurity configuration modification management and planning support are implemented
  • Review the system’s test plans and test results for security control implementation IAW cybersecurity policies, guidance, and plan, documenting any findings in a report
  • Perform security impact analysis on any system change and prepare appropriate documentation
  • Monitor and adhere to the system’s published A&A schedule deadlines
  • Maintain, track and update system’s cybersecurity baselines via Enterprise Mission Assurance Support Service (eMASS) or equivalent
  • Provide recommended updates to program cybersecurity policies and plans reviewed annually
  • Accurately portray system progress on RMF compliance
  • Maintain data in the Information Technology Investment Portfolio Suite (ITIPS)
  • Conduct and/or report annual FISMA security reviews, contingency test completion dates, and validation of cybersecurity control compliance
  • Conduct annual control validations (ACVs) for Nuclear Command, Control & Communication (NC3) systems
  • Create and maintain common control packages and serve as the common control provider for SMC/ECPM systems
  • Create and maintain Authority-to-Connect (ATC) guest system packages in eMASS
  • Ensure SMC/ECPM has a cybersecurity vulnerability management plan and risk assessment capability, including quarterly program contractor ACAS and SCC report review and semi-annual risk characterization
  • Prepare, maintain, & report status of each A&A package on an integrated schedule
  • Identify, collect, review, and maintain RMF required artifacts
  • Create and maintain eMASS system descriptions and POA&Ms
  • Review and advise on RMF-related memorandums of agreement/memorandums of understanding/service level agreements/interconnection service agreements (MOA/MOU/SLA/ISA) for RMF compliance
  • Conduct system self-assessments on security control compliance for RMF packages prior to submitting and obtaining approvals
  • Create and maintain the continuous monitoring plan and system-specific plans
  • Perform Information System Security Officer (ISSO) responsibilities for the support system environment
  • Conduct site inspections on the contractor and sub-contractor facilities
  • Provide RMF training/education for program managers and integrated product team leads

Job Requirements

  • 3-10+ years in Information Assurance Training (IAT) and/or Identity and Access Management (IAM) Level-II functions, including but not limited to DoD & DAF Cyber Security (CS), CS Risk Management Framework (RMF), Information Technology Investment Portfolio System (ITIPS), Enterprise Mission Assurance Support System (eMASS), Federal Information Security Modernization Act (FISMA), and Defense Information System Agency (DISA) Information Assurance Support Environment (IASE).