The IASAE Level II personnel are responsible for the design, development, implementation, and/or integration of the customer’s IA architecture, system or system component. They ensure that IA related Information Systems (IS) will be functional and secure. They provide Information Technology security engineering, integration services, technical assessments, and solutions. This includes analyzing the IA/Information Systems environment, helping customers understand information security needs, defining system security requirements, designing system security architectures, developing and implementing detailed security designs and measures to safeguard information, and assessing information protection effectiveness.
Responsibilities include, but are not limited to:
- Identifies information protection needs for the customer’s Information Systems (IS).
- Defines the customer’s IS security requirements in accordance with applicable IA requirements.
- Provides system related input on IA security requirements to be included in statements of work and other appropriate procurement documents.
- Designs security architectures for use within the IS.
- Designs and develops IA or IA-enabled products for use within the customer’s IS.
- Integrates and/or implements Cross Domain Solutions (CDS) for use within the customer’s IS.
- Develops and implements security designs for new or existing network system(s); ensures that the design of hardware, operating systems, and software applications adequately addresses IA security requirements for the IS.
- Designs, develops, and implements network security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
- Designs, develops, and implements specific IA countermeasures for the IS.
- Develops interface specifications for the IS.
- Develops approaches to mitigate the customer’s IS vulnerabilities and recommends changes to system or system components as needed.
- Ensures system(s) designs support incorporation of DoD, IC, and customer-directed IA vulnerability solutions, such as Information Assurance Vulnerability Alerts (IAVAs)/Intelligence Community Vulnerability Alerts (ICVAs).
- Develops IA architectures and designs for National Security Systems with security categorizations of confidentiality, low to moderate; integrity, low to moderate; and availability, low to moderate.
- Develops IA architectures and designs for systems processing Sensitive Compartmented Information (SCI) operating in dedicated, system high or compartmented mode.
- Assesses threats to and vulnerabilities of the customer’s IS.
- Identifies, assesses, and recommends IA or IA-enabled products used within the IS; ensures products are in compliance with the customer’s evaluation and validation requirements.
- Ensures that the implementation of security designs properly mitigates identified threats.
- Assesses the effectiveness of information protection measures used by the customer’s IS.
- Evaluates security architectures and designs and provides input as to the adequacy of security designs and architectures proposed or provided in response to requirements contained in acquisition documents.
- Ensures security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate Authorizing Official or Designated Authorization Official (DAO).
- Provides input to IA C&A process activities and documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training).
- Participates in an Information Systems (IS) risk assessment during the C&A process and designs security countermeasures to mitigate identified risks.
- Provides engineering support to security/certification test and evaluation activities.
- Documents system security design features and provides input to implementation plans and standard operating procedures.
- Recognizes a possible security violation and takes appropriate action to report the incident.
- Implements and/or integrates security measures for use in network system(s) and ensures that system designs incorporate security configuration guidelines.
- Ensures the implementation of the customer’s IA policies into system architectures.
- Ensures the implementation of subordinate customer IA policies is integrated into the customer’s IS system architecture.
- Obtains and maintains IA certification appropriate to the position.
- Minimum Education: B.S. or relevant experience in related field.
- Minimum/General Experience: 6 years of relevant experience.
- Must be DoD 8570.01 compliant within 6 months of the hire date.