Provides security testing support with the aim of successfully obtaining DoD/IC certification and accreditation. Ensures products and services comply with all appropriate Information Technology Security (ITSEC) certification and accreditation requirements and best practices as prescribed by ODNI, DIA, DoD, DISA, DITSCAP, and local authorities. Performs security testing and documentation work, including production of IT certification and accreditation artifacts such as System Security Plans (SSPs), Security Control and Traceability Matrices (SCTMs), Security Test Procedures (STPs), and Software Security Test Reports (SSTRs) for JDISS JPO products.
- Perform automated security scans, analyze scan results, and document findings for products as required to successfully complete Collateral and SCI-level security test and evaluation (ST&E) as appropriate for the product.
- Perform security tests according to STP and STD documents and prepare a System Security Plan (SSP) as tasked for approved project requirements.
- Work with developers and software engineers to troubleshoot problems found during installation and functional tests.
- Document scan results and findings in accordance with defined security processes.
- Conduct research and testing to ensure existing and evolving products/services meet current ODNI, DIA, DoD, DISA, DITSCAP, and local authorities' security requirements as appropriate.
- Document results of security requirements analysis, evaluations, alternatives analyses, risk assessments, and other security-related activities.
- Document and execute a plan for each security assessment and testing task and other security-related activities.
- Provide input to project teams, SI, Operations staff, and Field Engineers on the applicability of new security bulletins, vulnerabilities, and patches required by external authorities.
- Track the status of security bulletins (e.g., IAVAs), from publication by government and commercial sources through the response in the software development, integration, and documentation processes.
- Track Computer Emergency Response Team (CERT) advisories about security vulnerabilities.
- Keep abreast of required system configuration and testing guidelines, and update practices and procedures as appropriate.
- Education or Experience: BS in IT or hard sciences AND 5 years of C&A testing experience with DIACAP, DCID 6/3, ICD-503, and/or the NIST Framework.
- Certifications: Must meet DoD Directive 8140 requirements prior to employment; CompTIA Security+ certification anticipated.