Full Time Employee Contractor
Application Security Service Line Lead
The Application Security Service Line Lead will provide technical, administrative and security management services for the area of A&A by conducting IT evaluations and assessments and performing documentation support services for solutions developed by the program. Additionally, the Application Security Service Line Lead will ensure full compliance with the client IT security program.
- Perform A&A of all Contract, Contractor-Supplied Images, applications and stand-alone systems and general support systems used in support of the client support services contract.
- Depending on the classification of a system, the Contractor shall use the client guidelines for conducting information system certifications. In addition, the Contractor shall use current Guides to the Certification and Accreditation Process as guidance for the client certification methodology.
- Comply with the defined A&A process. The process consists of (i) generating an information system initial risk assessment report, (ii) developing the system security plan (SSP), and, (iii) supporting the security testing and evaluation, independent verification and validation, independent audits. The SSP is updated in each phase/step as the system development progresses and new information becomes available.
- Obtain, retrieve, compile, draft and prepare necessary documentation for inclusion to the SSP. The Contractor shall ensure that all drafts go thru Quality Assurance Review prior to delivery.
- Verify the accuracy of the System Security Plan (SSP), system architectural diagrams and identity of the systems being accredited as SBU, Classified, or higher levels.
- Provide guidance to application development teams on techniques and methods for incorporating good security practices into the development lifecycle
- Perform and conduct independent Test and Evaluation to ensure that the system?s confidentiality, integrity and availability are maintained at the standards that are in accordance with client and Contract standards including Federal Information Processing Standards (FIPS) 140 and 199
- Perform System Architectural Analysis to include review of network connections and interfaces, review system application specification and requirements, specifically those relevant to system security and review other pertinent system development life cycle documentation.
- Assemble packages at the direction of the Government Client or Contract Management and provide copies of the package as needed.
- Prepare the package for delivery to management in order to obtain signature from the Certification Authority, who grants certification and the DAA or Authorizing Official, who grants the accreditation, which results in an approval to operate the system.
- Monitor dashboards to ensure and assist in validating that all security criteria and regulatory requirements are maintained and that changes that affect the A&A documentation are denoted.
- Use the government-appointed tool to input information or create an A&A package during the A&A process.
- Maintain compliance with both client IT Security policies and client?s continuous monitoring reporting requirements as required by the Federal Information Security Modernization Act (FISMA).
- Responsible for the development of IT security policies and maintaining acceptable level of integrity in use of IT on the contract. Responsible to develop IT security and protection training to all staff and specialized IT training to IT security staff.
- Responsible to report in breeches or attempt in beeches in IT security per the developed IT Security Plan.
- Responsible to develop the IT Security Plan.
- Report on program security status at monthly program reviews
- Must have a Bachelor's Degree in a related field.
- Must have an active CISSP
- Must have a minimum of 10 years experience of Information Systems Security in support of client or the DoD.
- Must be able to pass a CGI background check to start and maintain employment.
- Due to the nature of this government contract, US Citizenship is required.
- ITIL certification preferred
This is a great opportunity to join a winning team. CGI offers a competitive compensation package with opportunities for growth and professional development. Benefits for full-time, permanent members start on the first day of employment and include a paid time-off program and profit participation and stock purchase plans.
We wish to thank all applicants for their interest and effort in applying for this position, however, only candidates selected for interviews will be contacted.
No unsolicited agency referrals please.
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary depending upon specific assignment, or upon any US government security clearance if required. Qualified applicants will receive consideration for employment without regard to their race, color, religion, sex, gender Identity, sexual orientation, national origin, age, disability, veteran status, pregnancy, or other status protected by law. CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI?s legal duty to furnish information.
To apply for this job, contact: