Full Time Employee Contractor
DCGS-A Assessment and Authorization (A&A) Engineer will research, develop, implement, test and review a system’s security posture to protect sensitive military information and prevent unauthorized access to this information within a military organization.
Overview & Responsibilities:
Writes comprehensive security analysis reports including assessment-based findings, outcomes and enter this data into DoD Information Assurance Management data bases for evaluation by Authorizing Officials to support the receipt of a Authority to Operate (ATO) for the systems.
• Describes, tests and validates security measures active on security infrastructure devices for the protection of computer systems, networks and information system
• Identifies and defines system security requirements and correlates/documents them by analysis of organizational standard security operating procedures (SOP) and protocols.
• Determines security violations and inefficiencies through security tests, evaluations and audits.
• Describes system security architectures and provides detailed descriptions for the security components of information systems.
• Recommends technical solutions and new security tools to mitigate identified or potential security vulnerabilities.
• Recommends techniques to protect system by defining access privileges, control structures, and resources required to implement these structures.
• Achieves system security operational objectives by contributing guidance and recommendations to program/project leadership.
• Prepares and completes action plans; defines production, quality, and military unit standards; resolves problems; completes security audits; identifies security and threat trends; determines system improvements; defines system security change requests.
• Recognizes problems by identifying abnormalities and reporting violations.
• Recommends improvements by assessing current security implementations and anticipating new security requirements.
• Maintains system security by implementing and maintaining security controls.
• Maintains technical knowledge by attending educational workshops; reviewing publications and coordinating hardware and software evaluations with vendors.
Mandatory Skills & required experience:
Qualifying Information Assurance certification such as CISSP, CISM, CAP or CISSP-ISSEP in accordance with DoDD 8570.1.
• JWICS accreditation experience and RMF knowledge
• Must have Cross Domain Solution (CDS) experience or knowledge
• Thorough understanding of the latest security controls, testing techniques, and implementation of these controls.
• Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures) and of network/web related protocols
• Highly analytical, detail oriented, and effectively able to troubleshoot and prioritize needs, requirements and other issues
• Excellent communication, teamwork, leadership and conflict management skills. Because of the constant evolving nature of information systems development and cyber-attacks the A&A engineer must be committed to continuous learning and skill development.
Preferred Skills & experience:
Information Security Policies (ICD 503, RMF, CNSSI 1253, and NIST SP 800 Series), System Development, Network Security, Change Management Control, Process Improvement, Quality Management, Technical Management, Test and Evaluation Procedures, Problem Solving, Analyzing Information, System Administration, Network Protocols, Knowledge of Networking Equipment (Routers, Hubs, and Switches)
To apply for this job, contact: