Assessment and Authorization Analyst
Full Time Salaried Employment
Location: Washington D.C.
Clearance Requirements: TS/SCI
Responsibilities and Duties:
Perform assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF) on behalf of a federal civilian agency as a contractor
Conduct cybersecurity analysis in preparation for A&A review and validation of all associated cybersecurity documentation and technical controls
Develop System Security Plans (SSPs), Contingency Plans, Business Impact Analyses (BIAs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Security Assessment Plans (SAPs), and other documentation
Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
Identify potential risks associated with system configurations and advise on mitigation strategies
Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort
Assist in estimating the Level of Effort (LOE) involved in performing A&A activities
Assist in developing and implementing detailed test plans and review findings from self-assessments to determine readiness for independent validation and verification (IV&V) assessment
Assist customer program offices in interpreting and applying mitigation strategies
Conduct IV&V assessments and analyze test results for accuracy, compliance, and adherence to Federal cybersecurity requirements
Conduct thorough reviews of all vulnerabilities, architecture, and defense-in-depth strategies and report findings in POA&M documents
Document residual risks and provide the cybersecurity risk analysis and mitigation determination results
Produce risk assessment artifacts describing initial risks during system development and residual risks identified during IV&V
Maintain cybersecurity policy and processes as assigned
Manage and track systems or programs involved in the A&A process
Develop and implement security-related directives and guidance for Information Assurance, Information Technology, and Information Management
Promote an environment of continuous process improvement, learning and team collaboration
Minimum Qualifications
Must possess a Bachelor’s degree in a related field
Must possess a Top Secret personnel clearance with eligibility for access to SCI (TS/SCI). Top Secret SSBI candidates could be read into SCI
5+ years of experience in the following areas: cybersecurity policy, procedures, and processes, including RMF, NIST 800-53, and A&A
2 years of experience in EDP auditing, computer programming, or other relevant areas.
One or more of the following certifications preferred (Security+, CAP, CISSP, CISM, GSEC, GCIH, or GSLC)
Familiar with information security and assurance principles and associated supporting technologies
Excellent customer service, organizational, and writing skills
Knowledge of FISCAM, GAAS, applicable programming languages, system application & hardware components, networks, etc.
Working Conditions/Physical Demand Statement
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The noise level in the work environment is usually moderate.
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is frequently required to sit, talk and hear. The employee is occasionally required to walk; use hands and fingers to operate, handle, or feel objects, tools, or controls; and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus.