Title:Cybersecurity Assessment & Authorization (A&A) Engineer Analyst
Job Summary:The candidate plays a critical role in the assessment and authorization of existing or new systems. One of the primary responsibilities of this position will be to collaborate with system administrators in assessing the security posture of systems assigned to the candidate throughout the risk management framework (RMF) lifecycle (accreditations, annual reviews, risk assessments, and continuous monitoring activities). The candidate will be essential in interacting with all team members to ensure a comprehensive accreditation package is maintained. This position will require a high degree of self-motivation and organization.
Roles and Responsibilities:- Perform self-assessments utilizing all applicable tools (ACAS, SCAP, STIGs, SRGs) for technology area assigned (Requires SSBI/T5)
- Interact/collaborate with system owner on remediation activities
- Provide support to system owner on STIG/SRG requirements
- Develop POA&Ms (reason system cannot be remediated, mitigation statements, milestones)
- Work in eMASS (upload self-assessment results, manage assets, create/edit POA&Ms
- Respond to CCB requests for assigned technology area (review requests, assign security testing requirements, document final findings)
- Collaborate to create and maintain authorization documentation
- Provide weekly activity report
Basic Qualifications:Minimum Security Clearance: Active Secret required. Completed SSBI/T5 investigation (preferred and required to fulfill complete duties)
Certifications: DoD or DoN Cybersecurity Workforce (CSWF) Certification or compliance (DoDD 8140 or SECNAV M-5239)
- Certifications: DoD 8570 Education and Training certification
- DoD Training: Approved DoD Training Courses
- SSCP/CISSP (Highly desirable)
Education/Experience:- BS degree preferred and 8 years of hands-on experience in Information Technology/Information Assurance. In lieu of degree, 16 years of hands-on experience in Information Technology/Information Assurance.
- Must possess a CompTIA Security + to start work
- OS Certification/Approved Training completed within 180 days of hire
Travel: 10-15%Preferred Qualifications:- Ability to work in a team and independently
- Excellent communication skills (verbal and written)
- Excellent project planning and time management skills
- Experience with Word/Excel/Visio
- Global thinker/analyzer with the ability to assimilate a number of inputs into a cohesive output/strategy
- Well versed in Networking products/technologies
- Working knowledge of Database products/technologies such as: MSSQL, MySQL, Oracle
- Experience with all applicable DISA STIGs associated with listed technologies in preceding bullet
- Able to work with network engineers and system administrators to provide sound advice on technologies from a STIG perspective
Experience with RMF package development:
- Excellent technical writing skills and RMF control knowledge (must be able to technically document assigned area of responsibility as it relates to meeting the requirements of the control)
- Experience with developing POA&Ms (must be able to technically document mitigation strategies and milestones for findings associated with assigned area of responsibility)
- Experience with PPSM (must be able to utilize available information [ACAS scans, CCB forms, etc.] to evaluate and determine appropriateness of required ports/protocols/services for systems assigned)
- Experience with eMASS (must be able to utilize all functions of eMASS including: uploading test results, handling false positives, POA&M creation/management, control review/testing)
- Experience with ACAS (must be able to create/run/review scans, download and import to eMASS, create, and run reports)
