Information Assurance Security Specialist

2 weeks ago
Infrastructure Support


About DMI

DMI, the world’s first end-to-end mobility company, combines all the skills and services necessary to deliver mobile enterprise solutions. Built to reinvent business through mobility, DMI has expertise in mobile strategy, UX, web, and app development, omni-channel commerce, brand and marketing, big data management and analytics, and secure device and app management. The company’s unique, integrated approach to mobility has resulted in dramatic growth as well as an expanding client base, which includes hundreds of Fortune 1000 commercial clients and all fifteen U.S. Federal Departments. DMI is headquartered in the Washington, DC area, with satellite offices around the world. Additional information is available at and on LinkedIn, Twitter, Facebook, and Google+.


About the Opportunity

Digital Management, Inc. (DMI) is seeking a full-time Information Assurance Security Specialist to support a Defense Information Systems Agency customer at DISA headquarters in Fort Meade, MD. The Information Assurance Officer will perform Information Assurance tasks for Government Off-the-Shelf (GOTS) and Commercial Off-the-Shelf (COTS) products for the Department of Defense and Mission Partner's Telecommunications and Infrastructure Network. Must be open to daytime shift work.


Duties and Responsibilities:   

  • Write customer-facing Designated Authorizing Official (AO) Risk Acceptances (ARA) documents and Directorate-level Plan of Action and Milestones (POA&M) documents to be accepted by the respective ID64 Branch Chief, Vice Director and AO. A high level of attention to detail is required when writing these documents, and our customers are very critical when it comes to all aspects of ARA and POA&M development.
  • Comply with the Information Assurance Vulnerability Management (IAVM) process, including but not limited to: performing Information Assurance Vulnerability Alert (IAVA) and Bulletin (IAVB) applicability analysis, and compiling and reporting IAVA and IAVB testing, implementation, and compliance.
  • Ability to properly manage multiple customers' expectations through daily meetings with Government Program Managers in terms of product deliverables, scope of IA testing, and schedule milestones. Primary candidates should exhibit a confidence in IA that is unmatched and that our customers will not only respect, but will trust.
  • Ability to manage multiple systems at various stages of the DIACAP/RMF process while maintaining a pristine security posture within Continuous Monitoring and Risk Scoring (CMRS) and eMASS.
  • Develop customized IA processes and SOPs for capturing and managing the evaluation and IA assessment of products supported by DISA programs and ID64.
  • Deliver rapid turn-around for product IA validation through coordinated efforts with Government Project leads and Vendors.
  • Mentor junior, intermediate and senior members of the IA staff in the evaluation, assessment, and understanding of the security requirements of all associated DISA IA supported programs (e.g., POA&Ms, STIGs, C&A processes, etc.).
  • Define C&A content and write Concept of Operations (CONOPS), Tactics, Techniques and Procedures (TTPs), Security Policy and procedures documents (i.e., SSP), to include Continuity of Operations (COOP) or Contingency Plans.
  • Execute Security Test and Evaluations (ST&E) on Windows, Linux and Solaris operating systems hosting stand-alone and web applications, as well as various databases (i.e. MS SQL).
  • Analyze the results from DISA-approved security tools and provide recommendations based on vulnerability scan results. This is performed while taking into consideration the asset's functional environment and business impacts it could have for ID64 and the warfighters.
  • Perform system and asset hardening with additional scans to ensure no residual vulnerabilities are present.
  • Exhibit expert familiarity with Assured Compliance Assessment Solution (ACAS), McAfee Host Based Security System (HBSS), Enterprise Mission Assurance Support Service (eMASS), Continuous Monitoring and Risk Scoring (CMRS), and various other DISA related products.
  • Expert-level Security Readiness Review (SRR) experience, primarily with Windows, Linux, and database applications. This must be accompanied by formal DISA SRR training certificates. This will ensure the best-suited candidate can perform security administration, including periodic Security Readiness Reviews (SRR), and assist in the successful completion of SRRs with zero oversight.
  • Knowledge of DISA processes, procedures and culture, such as: penetration testing; ports, protocols and services management; drafting technical documents and milestones; C&A and A&A accreditation management; eMASS artifact management; completing application and web Security Technical Implementation Guides (STIG) for Enterprise applications and tools; auditing Enterprise applications and tools; DIACAP and RMF control compliance; drafting and tracking to completion Enterprise Plan of Action and Milestones (POA&M) for open application, DBMS, and web vulnerabilities; establishing mitigation strategies for OPORD, TASKORD, and FRAGOs; and maintaining Enterprise System Security Plans and Functional Architecture artifacts and documents.
  • In-depth understanding of the impacts of various Information Assurance (IA) issues throughout the System Development Life Cycle (SDLC) and the ability to properly articulate these in a professional, timely, and quality fashion.
  • Document and maintain system component IA baselines to support Change Management, Configuration Control, and Certification & Accreditation processes.
  • Provide assistance to the DISN OSS Certification and Accreditation Team in obtaining IA approvals and Authority to Operate (ATO) from the AO (previously the DAA).
  • Comply with and enforce Security Technical Implementation Guides (STIGs), DoD policies and procedures, and Federal IA Guidance.
  • Ensure networks and systems being developed implement DoD baseline IA Controls.
  • Ensure networks and systems being developed are based on evaluated COTS and GOTS products per policy.
  • Enforce agreed-upon controls and mitigation strategies
  • Select, implement, and maintain access control software
  • Maintain existing security related documentation
  • Establish and protect storage and retrieval systems for classified and sensitive data
  • Expertise in leading all stages of system development and sustainment efforts, including requirements definition, design, architecture, testing, penetration scanning and support.



Education and Years of Experience: 

  • Bachelor's Degree in IT related field or equivalent experience
  • DOD 8570 Information Assurance Technical (IAT) Level II compliant

Desired Skills/Certifications:

  • CISSP or related IA certification
  • Network+ certification

Additional Requirements:

  • Secret Clearance

Physical Requirement(s): N/A


Location: DISA - Montgomery, AL



Working at DMI

DMI is a diverse, prosperous and rewarding place to work. We provide our employees with competitive benefits, educational assistance, and career growth opportunities. Every employee is valued for their talents and contributions. We all take pride in helping our customers achieve their goals, which in turn contributes to the overall success of the company.

The company does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans, and to treat qualified individuals without discrimination on the basis of their physical or mental disability or veteran status. DMI is an Equal Opportunity Employer Minority/Female/Veterans/Disability.

***************** No Agencies Please *****************

Applicants selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information. US citizenship may be required for some positions.



