Princ Analyst, Info Security

Location: Newington, VA
Posted: Jun 19, 2017
Closes: Jul 24, 2017
Industry: Security
Hours: Full Time

Plan and execute A&A process for both existing and new systems.  Facilitate initial briefings and subsequent meetings of the A&A core team.

 

Recommend security requirements based on appropriate guidance, including controls and measures that may be appropriate to mitigate these system vulnerabilities.

Develop, review and evaluate A&A documentation including the System Security Authorization Agreement (SSAA), System Security Plan (SSP), Business Impact Analysis, Risk Assessment, Security Test and Evaluation (ST&E) plan and report, and independent reviews of the information resource.

Prepare the A&A Evaluation Report and Plan of Action and Milestones (POA&M).  Escalate security concerns or forward the A&A Evaluation Report and supporting A&A documentation package to the certifier. 

 

Manage POA&M to ensure necessary security controls and processes are implemented.

Familiar with DoDI 8510.01 and DoDI 8500.2.

  • Thorough understanding of the A&A processes and direct experience with the following A&A programs:
      • Director of Central Intelligence Directive (DCID) 6/3 or JFAN 6/3
      • DoD Risk Management Framework
      • DoD Information Assurance Certification and Accreditation Process (DIACAP)
      • National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53
      • Intelligence Community Directive (ICD) 503 (Desired)
      • Security Control Selection, Implementation, and Testing
  • Experience using security scanning software (e.g. Nessus) and risk framework management software (e.g. Telos Xacta)
  • Knowledge and understanding of the DoD vulnerability assessment and remediation process
  • Develop and maintain documentation including policies and standard operating procedures (SOP)

Education: Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.

Qualifications: 8-10 years of related experience in data security administration.

IAM Level II Certification