Full Time Employee
System Security Accreditation Expert (Job Number:427553)
The System Security Accreditation Experts shall support/perform at least the following:
- Advise and support the government on the life cycle integrated system security accreditation, to include review of Requests for Change (RFCs), Engineering Change Proposals (ECPs), related Certification and Accreditation (C&A) documents, attend design reviews as required, and ensure requirements are identified and documented
- Provide IC DTE support to the Program office to ensure that all aspects of each Information System (IS) from initial concept, through development, to implementation and system maintenance, and continuous monitoring meet applicable ODNI C&A requirements
- Review and provide comments on accreditation plan for IC DTE, which properly tracks the ODNI process by which the IC DTE definition, development, and security testing are to take place
- Provide advice and support to manage throughout the life cycle including cost, schedule, and performance system development, and after initial operating capability (IOC) transitions the systems to operations.
- Provide advice and support to IC DTE PO during the early stages of the system life cycle to initiate the C&A process, negotiate the security requirements that must be met, and the technical security features of the IC DTE
- Assist the government with the responsibility to ensure that security guidance flows from IC DTE PO to the developer for satisfying the requirements to deliver the system, to include the schedule for delivering a certified and accredited system
- Evaluates and provides input to the IC DTE PO RFCs, RFPs and any other taskers or actions as required.
- Collaborate with the C&A team to ensure the necessary milestones are reflected within the Master Schedule. Identify and track C&A-related issues to ensure closure and prevent impacts to the schedule
- Support various related reviews (TRR, ROMB, etc.) as assigned or directed by the government
- Coordinate, participate, and represent the IC DTE PMO in registration meetings to formally register all IC DTE related information systems with the Designated Approval Authority (DAA) for IC DTE. Ensure the System Security Authorization Agreement (SSAA) documents for IC DTE are properly prepared, maintained, and accurately reflect the definition, development, security testing processes, and relevant security requirements
- Perform required actions to ensure all DTE related Information Systems are properly entered and maintained using the XACTA Information Assurance web application
- Review and submit evidence of completion to all DAA directed liens via a Plan of Action and Milestones (POAM) for IC DTE information systems to ensure the Program Manager is in compliance with ODNI guidance to maintain continuous monitoring of IC DTE accredited information systems
- Review all aspects of proposed system security plans to ensure the system is being developed in compliance with ODNI security guidelines, agency policies, and Intelligence Community Directives. Ensure Vulnerability Assessment Testing (VAT) is scheduled and completed on an annual basis and any findings are addressed in a POAM
- Ensure that appropriate Information Assurance Vulnerability Alerts (IAVA) are reviewed, assessed, and responded to in a timely manner
- Prepare a staff summary sheet (SSS) and brief for all systems that require a cross domain solution
- Maintain routine interface with the ODNI C&A team (IAO, CE, and DAA) and keep them informed of any pending changes to the system baseline which may impact security
- Coordinate and negotiate the formal Rules of Engagement technical meeting with the penetration testing and vulnerability testing teams to discuss the rules, assessment activities, requirements, and other activities associated with conducting penetration and vulnerability testing on systems requiring a cross domain solution
- Schedule and coordinate Penetration Testing for all systems that require a cross domain solution, ensuring that agreed-to Rules of Engagement are followed by the PEN team during test events
- Review and provide input on security related test procedures prior to readiness reviews.
- Ensure audit trails are periodically reviewed and report compliance to ODNI Information Assurance Officers (IAO) and that audit records are maintained and archived for future reference.
- Architects, plans, configures, deploys, maintains, and upgrades COTS/GOTS and custom toolsets to address vulnerabilities and/or implement security controls.
- Applies a combination of expert engineering knowledge of enterprise IT and security solutions to design, develop and/or implement solutions to ensure they are consistent with enterprise architecture security policies and support full spectrum military cyberspace operations.
- Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions.
- Includes security control design and solution planning at the system, mission, and enterprise level, security-in-depth/defense-in-depth, and other related IAM/ISSO/ISSE support functions.
- Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
- Researches and evaluates cyber capabilities and new security tools and products against operational requirements and introduces them to the enterprise in alignment with IT security strategy, and to support the offensive and defensive capability design and troubleshoot and problem solve technical and non-technical issues.
- At the Leadership level this is senior technical staff dedicated to transforming customer environments into a more secure operating environment in a holistic manner.
- Clearance Level Must Possess: TS/SCI
REQUIRED EDUCATION AND EXPERIENCE:
- An understanding of the system security accreditation process
- Demonstrated understanding of Certification and Accreditation processes.
DESIRED EDUCATION AND EXPERIENCE:
- Bachelors and eighteen (18) years or more experience; Masters and sixteen (16) years or more experience; PhD or JD and fifteen years or more experience.
- Excellent oral and written communication skills
- Customer-service and goal oriented
- Ability to work independently and as a team member under tight deadlines with changing priorities
- Trained and experienced with using the XACTA Information Assurance web application.
- Maintain a professional certification as a Certified Information Systems Security Professional (CISSP)
- Demonstrated understanding of the IC DTE mission and its contributions to the IC ITE and IC
SAIC Overview: SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC provides systems engineering and integration offerings for large, complex projects. Headquartered in McLean, Virginia, SAIC has approximately 15,000 employees and annual revenues of about $4.3 billion.
EOE AA M/F/Vet/Disability
Job Posting: May 11, 2017, 5:57:40 PM
Primary Location: United States-VA-RESTON
Clearance Level Must Currently Possess: Top Secret/SCI
Clearance Level Must Be Able to Obtain: Top Secret/SCI with Polygraph
Potential for Teleworking: No
Shift: Day Job