Full Time Employee
Systems Security Accreditation Expert (Job Number: 427165)
- Advise and support the government on life cycle integrated system security accreditation, to include review of Requests for Change (RFCs), Engineering Change Proposals (ECPs), and related Certification and Accreditation (C&A) documents; attend design reviews as required; and ensure requirements are identified and documented.
- Provide support to the Program office to ensure that all aspects of each Information System (IS) from initial concept, through development, to implementation and system maintenance, and continuous monitoring meet applicable ODNI C&A requirements
- Review and provide comments on accreditation plans
- Provide advice and support to manage throughout the life cycle including cost, schedule, and performance system development, and after initial operating capability (IOC) transitions the systems to operations.
- Provide advice and support during the early stages of the system life cycle to initiate the C&A process, and negotiate the security requirements that must be met
- Assist the government with the responsibility to ensure that security guidance flows from the program office to the developer for satisfying the requirements to deliver the system, to include the schedule for delivering a certified and accredited system
- Evaluate and provide input to the RFCs, RFPs and any other taskers or actions as required.
- Collaborate with the C&A team to ensure the necessary milestones are reflected within the Master Schedule
- Identify and track C&A-related issues to ensure closure and prevent impacts to the schedule
- Support various related reviews (TRR, ROMB, etc.) as assigned or directed by the government
- Coordinate, participate, and represent the program office in registration meetings to formally register all information systems with the Designated Approval Authority (DAA)
- Ensure System Security Authorization Agreement (SSAA) documents are properly prepared and maintained, and accurately reflect the definition, development, security testing processes, and relevant security requirements
- Perform required actions to ensure all Information Systems are properly entered and maintained using the XACTA Information Assurance web application
- Review and submit evidence of completion to all DAA directed liens via a Plan of Action and Milestones (POAM) for information systems to ensure the Program Manager is in compliance with ODNI guidance to maintain continuous monitoring of accredited information systems
- Review all aspects of proposed system security plans to ensure the system is being developed in compliance with ODNI security guidelines, agency policies, and Intelligence Community Directives
- Ensure Vulnerability Assessment Testing (VAT) is scheduled and completed on an annual basis and any findings are addressed in a POAM
- Ensure that appropriate Information Assurance Vulnerability Alerts (IAVA) are reviewed, assessed, and responded to in a timely manner
- Prepare a staff summary sheet (SSS) and brief for all systems that require a cross domain solution
- Maintain routine interface with the ODNI C&A team (IAO, CE, and DAA) and keep them informed of any pending changes to the system baseline which may impact security
- Coordinate and negotiate the formal Rules of Engagement technical meeting with the penetration testing and vulnerability testing teams to discuss the rules, assessment activities, requirements, and other activities associated with conducting penetration and vulnerability testing on systems requiring a cross domain solution
- Schedule and coordinate Penetration Testing for all systems that require a cross domain solution, ensuring that agreed-to Rules of Engagement are followed by the PEN team during test events
- Review and provide input on security related test procedures prior to readiness reviews.
- Ensure audit trails are periodically reviewed and report compliance to ODNI Information Assurance Officers (IAO) and that audit records are maintained and archived for future reference.
- Clearance Level Required: TS/SCI with Poly
REQUIRED EDUCATION AND EXPERIENCE:
- 14+ years of relevant experience and a bachelor's degree is required
- In-depth understanding of the system security accreditation process
- Demonstrated understanding of Certification and Accreditation processes.
DESIRED EDUCATION AND EXPERIENCE:
- Excellent oral and written communication skills
- Customer-service and goal oriented
- Ability to work independently and as a team member under tight deadlines with changing priorities
- Trained and experienced with using the XACTA Information Assurance web application.
- Maintain a professional certification as a Certified Information Systems Security Professional (CISSP)
SAIC Overview: SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC provides systems engineering and integration offerings for large, complex projects. Headquartered in McLean, Virginia, SAIC has approximately 15,000 employees and annual revenues of about $4.3 billion.
EOE AA M/F/Vet/Disability
Job Posting: Apr 28, 2017, 6:51:49 PM
Primary Location: United States-VA-SPRINGFIELD
Clearance Level Must Currently Possess: Top Secret/SCI
Clearance Level Must Be Able to Obtain: Top Secret/SCI with Polygraph
Potential for Teleworking: No
Travel: Yes, 10% of the time
Shift: Day Job