Write customer-facing Designated Authorizing Official (AO) Risk Acceptance (ARA) documents and Directorate-level Plan of Action and Milestones (POA&M) documents to be accepted by the respective ID64 Branch Chief, Vice Director and AO. A high level of attention to detail is required when writing these documents, and our customers are very critical when it comes to all aspects of ARA and POA&M development.
Comply with the Information Assurance Vulnerability Management (IAVM) process, including but not limited to: performing Information Assurance Vulnerability Alert (IAVA) and Bulletin (IAVB) applicability analysis, and compiling and reporting IAVA and IAVB testing, implementation, and compliance results.
Ability to properly manage multiple customers' expectations through daily meetings with Government Program Managers in terms of product deliverables, scope of IA testing, and schedule milestones. Primary candidates should exhibit a confidence in IA that is unmatched and that our customers will not only respect but also trust.
Ability to manage multiple systems at various stages of the DIACAP/RMF process while maintaining a pristine security posture within Continuous Monitoring and Risk Scoring (CMRS) and eMASS.
Develop customized IA processes and SOPs for capturing and managing the evaluation and IA assessment of products supported by DISA programs and ID64.
Deliver rapid turnaround for product IA validation through coordinated efforts with Government Project Leads and vendors.
Mentor junior, intermediate and senior members of the IA staff in evaluating, assessing, and understanding the security requirements of all associated DISA IA-supported programs (e.g., POA&Ms, STIGs, C&A processes, etc.).
Define C&A content and write Concept of Operations (CONOPS), Tactics, Techniques and Procedures (TTPs), and security policy and procedure documents (e.g., the SSP), to include Continuity of Operations (COOP) or Contingency Plans.
Execute Security Test and Evaluations (ST&E) on Windows, Linux and Solaris operating systems hosting stand-alone and web applications, as well as various databases (e.g., MS SQL).
Analyze the results from DISA-approved security tools and provide recommendations based on vulnerability scan results. This is performed while taking into consideration the asset's functional environment and the business impact findings could have for ID64 and the warfighters.
Perform system and asset hardening with additional scans to ensure no residual vulnerabilities are present.
Exhibit expert familiarity with Assured Compliance Assessment Solution (ACAS), McAfee Host Based Security System (HBSS), Enterprise Mission Assurance Support Service (eMASS), Continuous Monitoring and Risk Scoring (CMRS), and various other DISA related products.
Expert-level Security Readiness Review (SRR) experience, primarily with Windows, Linux, and database applications, accompanied by formal DISA SRR training certificates. This ensures the best-suited candidate can perform security administration, including periodic SRRs, and assist in the successful completion of SRRs with zero oversight.
Knowledge of DISA processes, procedures and culture, such as: penetration testing; ports, protocols and services management; drafting technical documents and milestones; C&A and A&A accreditation management; eMASS artifact management; completing application and web Security Technical Implementation Guides (STIGs) for enterprise applications and tools; auditing enterprise applications and tools; DIACAP and RMF control compliance; drafting and tracking to completion enterprise Plans of Action and Milestones (POA&Ms) for open application, DBMS, and web vulnerabilities; and establishing mitigation strategies for OPORDs, TASKORDs, and FRAGOs while maintaining enterprise System Security Plans and functional architecture artifacts and documents.
In-depth understanding of the impacts of various Information Assurance (IA) issues throughout the System Development Life Cycle (SDLC), and the ability to properly articulate these in a professional, timely, and quality fashion.
Document and maintain system component IA baselines to support Change Management, Configuration Control, and Certification & Accreditation processes.
Provide assistance to the DISN OSS Certification and Accreditation Team in obtaining IA approvals and Authority to Operate (ATO) from the AO (previously the DAA).
Comply with and enforce Security Technical Implementation Guides (STIGs), DoD policies and procedures, and Federal IA guidance.
Ensure networks and systems being developed implement DoD baseline IA Controls.
Ensure networks and systems being developed are based on evaluated COTS and GOTS products per policy.
Enforce agreed-upon controls and mitigation strategies.
Select, implement, and maintain access control software.
Maintain existing security-related documentation.
Establish and protect storage and retrieval systems for classified and sensitive data.
Expert in leading all stages of system development and sustainment efforts, including requirements definition, design, architecture, testing, penetration scanning, and support.