We are looking for a Senior Information Assurance Specialist to support US Navy programs at NAWCTSD Orlando.
The qualified candidate must be familiar with DoD RMF and FISMA and the relevant guidance issued by agencies and the National Institute of Standards and Technology (NIST), including NIST Special Publication (SP) 800-37, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-30, and NIST SP 800-18. The candidate should have a solid understanding of operating system and networking security, IT system policies, and Security Assessments and Authorizations (SA&A), and knowledge of supporting Defense Department customers in securing information systems and maintaining authorizations.
Duties & Responsibilities:
- Providing support to Navy programs to develop and conduct Assessment & Authorization (A&A) and Life Cycle Management documentation of systems and/or networks.
- Assist with the development and maintenance of all necessary A&A documents for achieving either PIT Risk Approvals (PRA) or Authority To Operate (ATO).
- Provide coordination, tracking, and management through all aspects of the A&A process for the PM for the purpose of bringing Systems into compliance with applicable laws, orders, directives, and instructions.
- Ensure and maintain IAVA and STIG compliance and review all change requirements of the systems.
- Perform assessments of new technologies being implemented at the various stages of the Systems Engineering Lifecycle.
- Evaluate and review proposed architectures and designs within the current and future system design. Determine how to correctly remediate and mitigate system vulnerabilities. An automation-focused approach should be used when remediating systems.
- Review, prepare, and update Navy authorization packages
- Advise the Program Manager and other program stakeholders regarding cybersecurity matters, including change control, Information Assurance Vulnerability Management (IAVM), and DoD, DoN, and NAWCTSD policy
- Notify customer when changes occur that might affect authorization
- Perform security self-assessment, using the DISA Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP) and the Assured Compliance Assessment Solution (ACAS)
- Perform Independent Assessments as a Navy Qualified Validator (NQV), including developing the Security Assessment Plan (SAP), validating the program Self-Assessment, using the above-mentioned tools, and completing the Security Assessment Report (SAR)
- Develop system-level policy documentation to address NIST control requirements
Required Skills and Experience:
- Clearance Required: Secret SSBI
- Must possess 5-7 years of experience with RMF and compliance activities (DoD RMF, DIACAP, FISMA, FedRAMP, PCI DSS, HIPAA)
- Bachelor's degree, or 5 years' experience
- DoD Cybersecurity Workforce (CSWF) IAT II certification (i.e., Security+ CE)
- Active NQV II Credential
- Strong written and oral communication skills.
- Ability to work independently in a remote environment
- Experience conducting assessments using STIGs
- Working knowledge of Windows and Linux Operating Systems
- Experience with ACAS, SCAP Scanners
- Familiarity with Excel, Word, Visio and PowerPoint