Serve as a principal advisor to the Government on all matters, technical and otherwise, involving the security of an Information System (IS)
- Provide the detailed knowledge and expertise required to manage the security aspects of an IS. Maintain responsibility for the day-to-day security operations of the system. Responsibilities may also include:
- Security Control Validation Visits
- Secure Configuration and Change management
- Event Management
- Account Management
- Vulnerability Management
- Security Incident Management
- POA&M Management
- Collaborate with the System Owner to maintain Approval to Operate (ATO), including the resolution of any Plans of Action & Milestones (POA&M) documents issued by the DAO;
- Maintain and validate account and vulnerability management;
- Develop and provide update System security Plans (SSPs) and supporting documentation (e.g. SECONOPs, diagrams, Privileged User’s Guide);
- Respond to any data calls;
- Provide security design guidance and analysis to the project team throughout the RMF process;
- Collaborate with the Information System Security Engineer (ISSE) in the design, build, and self-test of systems;
- Perform reviews of technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommended mitigation strategies;
- Utilize XACTA, the system of record for SCA data
INDIVIDUAL CAPABILITIES / EXPERENCE REQUIRED
- Bachelor’s degree or advanced degree in Computer Science or other related discipline plus at least 15 years of systems engineering experience. Four (4) years of additional experience may be substituted for a bachelor’s degree.
- A Master’s degree or PhD may be substituted for two years of experience.
- A high school diploma or GED plus 19 years of systems engineering experience would also be acceptable.
- DoD8570 compliance with Information Assurance Technical (IAT) Level 2 or higher is required.
Cyber Security, operating systems, system support, XACTA