- 09-Mar-2017 to 08-May-2017 (EST)
- Reston, VA, USA
- Full Time
- TS - SCI - CI Poly
The Security Control Assessor (SCA) performs assessments of all systems under the purview of the Director DIA. These assessments include the use of various technical tools to assess a target system's capabilities, deficiencies, and vulnerabilities; review of technical and administrative documentation; discussions and interviews with responsible system personnel; analysis and assessment of various data points to identify the risk associated with an assessed system; and written documentation and assessment for each assigned system.
- Assist in centralization of A&A files/documentation and maintain files/library; ensure validity and integrity of all systems.
- Create, update, and delete entries in databases utilized for the tracking of system and network compliance.
- Ensure that all IA systems are properly documented with Configuration Management processes.
- Maintain the security accreditation status of systems/sites including the review of current documentation, site architectures and coordination with sites to ensure the documentation is accurate with the current site architecture, IAW DIA Policy and processes.
- Perform, participate in, and support all assessment and authorization (A&A) efforts for systems, networks, and applications (all security domains) IAW DoD and IC requirements.
- Provide coordination for assessment metric submissions.
- Provide direct support in development of other A&A related systems bodies of evidence in accordance with current NIST, ICD, DIAD guidance, using the government-provided A&A tool (e.g. XACTA).
- Provide security engineering assessments of proposed IT solutions.
- Support the DIA Assessment and Authorization (A&A) Risk Management Framework process for all DIA managed systems, networks, and enclaves (all security domains); review all associated documentation for validity and accuracy. Support remote sites when required.
- Work in coordination with both internal and external systems administrators, configuration management, and network engineers to ensure proper configuration and adherence to security standards in regard to deployment actions.
- Serve as Security Controls Assessors for formal Security Test and Evaluation; conduct Security Certifications of (DoDIIS) systems/networks/sites, assessing security control compliance and providing guidance regarding remediation and mitigation of identified vulnerabilities, across all security domains.
- Provide guidance on the application of security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements, reviewing and determining the adequacy of required documentation.
- Development of all supporting test reports, supporting artifacts, and plans of action and milestones (POA&Ms) documenting open findings; preparation of formal authorization packages; oversight of the resolution of POA&Ms; and development and maintenance of assessment and authorization enterprise schedules and metrics.
- Provide support for DIA management and maintenance of assessment and authorization repositories.
- Perform security assessments at remote sites with collateral (includes, but not limited to, NIPR/SIPR) and/or TS/SCI AIS under DIA's purview and/or managed by DIA.
- Bachelor's degree in Computer Science or a related technical discipline, and 10 years' experience for SME SCA or the equivalent combination of education, professional training or work experience.
- Candidates must possess DoD 8570 IAT III level certification. CISA or CISSP certification highly desired.
- Candidates must have an active TS/SCI and must be willing to obtain and maintain a CI polygraph.