U.S. Citizenship is required. Applicants must possess an active, Federal Government Security Clearance.
• Leading certification and accreditation (C&A) efforts requiring technical coordination between government and contractor Information Assurance (IA) personnel, vendors, and J6F management to prepare Annual Validation, accreditation, and re-accreditation packages for numerous agency systems supporting the war fighter.
• Responsible for technical writing and reviewing of various Standard Operating Procedures (SOPs), special briefings, reports to management, acceptance of risk memorandums, technical issues as they arise, and responding to feedback from other agencies.
• Designated as the Primary J6FA C&A Support Team member and Subject Matter Expert (SME) for the following unclassified applications: BLSA V2.0, BLSA V3.0, Business Systems Modernization-Energy (BSM-E), BID Evaluation Model (BEM), Paperless Ordering & Receipt Transaction Screens (PORTS), and DoD FuelMaster Advanced Enhanced (DODFM AE), which are critical fuel systems supplying the war fighter around the world.
• Conduct automated and manual vulnerability testing on major applications and network infrastructures.
• Develop, implement, and execute a technical assessment test plan.
• Create detailed Plan of Action & Milestones (POA&M) documents/entries.
• Create detailed assessment reports which include detailed system overviews, risk analysis calculations and findings matrix.
• Provide technical guidance to agency activities preparing Application System Security Plans (ASSPs).
• Research all software and hardware change requests that affect Information Assurance and provide a recommendation to accept or reject.
• Capable of assessing security risk exposure through analysis of implemented security monitoring tools (Splunk, Foundstone, W32 logs, etc.).
• Capable of translating technical security issues into business risk/impact for reports to senior leadership.
• Interview Operations and Management staff in order to gather relevant system data and configuration details.
• Stand in for the prime contractor when their Lead is on leave, providing seamless continuation of the contract in the absence of the project manager.
• Experience in system assessments for Federal IT systems (FIPS 199, NIST 800-53, FISMA, FISCAM, etc.).
• Working knowledge of the DoD Information Assurance Certification and Accreditation Process (DIACAP), DLA DoD DIACAP Implementation Guide, Enterprise Mission Assurance Support Service (eMASS), and the Vulnerability Management System (VMS).
• Experience with network (router, switch, firewall configuration), Web and database (SQL) security scanning.
• Extensive experience working with Foundstone, Web Inspect, and AppDetective vulnerability scanning tools is desired.
• Must have strong familiarity with NIST, US-CERT, & FEA.
• Experience conducting vulnerability testing on Windows and virtualized environments.
• Experience reviewing, understanding or creating system security plans (SSPs), network diagrams, standard operating procedures (SOPs), and system design documents (SSD).
• Demonstrated oral/written communication and client-facing skills.
• Experience with a variety of network communication protocols with particular emphasis on wireless and mobile communications.
Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), or similar security professional certification
Since 1988, Intelligent Decisions (ID) has been developing innovative IT solutions to solve the most challenging requirements of our client,...