Program Manager/Senior Systems Security Engineer
- Full Time
Overview

ProSphere is seeking a Program Manager to lead the efforts in providing validation and sustainment services support for a defense agency's IT systems. The Program Manager will provide oversight to a team of five systems security engineers and play a key role as a Senior Systems Security Engineer in performing validator tasks with Certification and Accreditation (C&A) and/or Assessment and Authorization (A&A) packages. This is a full-time position located in Dahlgren, VA, requiring an active Secret security clearance.

Responsibilities

- Validate assigned systems' compliance with all applicable Security Controls, including developing the appropriate test procedures, if necessary; executing the test procedures; and accurately documenting the results of security testing.
- Update the A&A validation report and the Security Assessment Report (SAR) as well as any applicable artifacts necessary for the assigned system(s).
- Obtain or receive system or site information and use it to evaluate security features of the IT system or site to be assessed and authorized.
- Document Assessment and Authorization (A&A) information in the Comprehensive Risk Management Framework (RMF) and Department of Defense Information Assurance C&A Process (DIACAP) packages, ensuring that the information is internally consistent and that there are no omissions.
- Assist in the System Categorization process and in the selection, documentation, implementation, and initial testing of Security Controls.
- Review test plans and procedures to ensure the test plan addresses the correct level of effort and is sufficiently comprehensive to validate all Cybersecurity requirements applicable to the IT system or site being assessed and authorized.
- Evaluate all discrepancies to recommend mitigation measures for reducing or eliminating specific risk items.
- Develop the SAR and Certification Determination Letter (CDL) for the IT system or site seeking certification.
- Work with the system points of contact (POCs) (i.e., Information System Security Engineer (ISSE)/Information Systems Security Officer (ISSO), Systems Administrators (SA)) to determine fixes or mitigation for weaknesses and to determine the level of revalidation testing that is necessary if immediate fixes are not applied.
- Verify the accuracy of Plan of Actions and Milestones (POA&Ms)/Risk Assessment Reports (RARs) as identified by actual vulnerability test results.
- Determine when the A&A Package is complete and ready for submittal to the ISSM for review and approval.
- Perform validation activities after the Security Controls submitted by the ISSE/ISSO are entered into eMASS.
- Perform Validator RMF process steps in accordance with RMF Process Guide (RPG).
- Conduct a complete security control validation and assessment of technical and non-technical security features of a system or network to address known threats and vulnerabilities. The evaluation must consider and identify impacts as well as existing risk mitigation strategies.
- Develop, initiate, implement, update, review, sign, and submit the Security Assessment Plan (SAP), RAR, SAR, Security Plan (SP), SAR Executive Summary, RAR Executive Summary, Information Systems Continuous Monitoring (ISCM) Strategy, POA&M, and Security Authorization Package.
- Track compliance of the security controls throughout the lifecycle of the system.
- Assist in continuous monitoring efforts/annual security reviews to comply with FISMA requirements.
- Coach and mentor assigned staff.
- Assist with business development and proposal efforts.

Qualifications

- Must possess an active Department of Defense (DoD) Secret security clearance.
- Five (5) or more years of project management experience, with at least three (3) years involving federal government programs.
- Six (6) or more years of related practical experience in Cybersecurity, Engineering Test and Evaluation (T&E), or A&A related field.
- Three (3) years of Navy-specific experience performing Validator tasks with C&A and/or A&A packages.
- Knowledge of Risk Management Framework (RMF).
- Experience with Interim Authority To Test (IATT), DIACAP and Platform Information Technology (PIT) Systems.
- Direct Validator knowledge and experience utilizing the Navy's instance of eMASS.
- Proven ability to lead and direct challenging projects and execute assignments independently within the scope of the contract.
- Demonstrated experience providing administrative oversight, corporate management, and ability to provide overall technical, schedule, and cost direction.
- Excellent written and verbal communication skills.
- Excellent organization and time management skills.

It is ProSphere's policy to promote equal employment opportunities. All personnel decisions, including, but not limited to, recruiting, hiring, training, promotion, compensation, benefits and termination, are made without regard to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identity, citizenship status, veteran status, disability or any other characteristic protected by applicable federal, state or local law.