OVERVIEW:
This role will support the Program in working with the customer’s security team towards completing the information security assurance activities that are required to obtain and maintain the Authorization to Operate (ATO) for multiple systems, with particular focus on understanding and documenting security control implementations.
GENERAL DUTIES:
- Work with development and customer teams to ensure that security requirements for systems being developed or maintained by the Program are identified, understood, implemented, and documented; this includes understanding and writing thorough and appropriately supported security control implementation statements
- Support development and customer teams with various phases of the NIST RMF framework, as required to obtain and maintain security authorization of information systems
- Support activities pertinent to determination and documentation of system security categorization, authorization boundary, data sharing, information flows, privacy impact assessments, and other aspects of the System Security Plan
- Work with development and customer teams to conduct security impact assessment activities for changes to existing systems
- Provide security guidance and instruction as necessary to personnel and development teams encompassing all security control families
- Support the development teams in responding to security control assessments performed by the customer’s RMF 4 team
- Support development and maintenance teams with tracking and documenting remediation of vulnerability scan findings and Plan of Action and Milestones (POA&Ms)
- Support tracking status of all system security authorizations and security impact assessments
- Participate in and provide security input for SAFe/Agile Program Increments and Sprint planning and execution
- Maintain positive and productive relationships with other teams, including customer security counterparts
REQUIRED QUALIFICATIONS:
- Bachelor's degree in a related field and at least 5 years’ experience, or no degree with an additional 4 years of experience, to include 3 years of information assurance experience
- Experience with understanding and writing security controls implementation statements
- Experience with obtaining and maintaining security accreditations using the NIST RMF for on-premises and cloud hosted systems
- Experience with developing artifacts for the System Security Plan
- Experience with analyzing and leveraging architecture and design artifacts to understand and describe security control implementations and other System Security Plan artifacts
- Experience in tracking and resolving Plan of Action and Milestones (POA&Ms)
DESIRED QUALIFICATIONS:
- Experience with security controls and ATO process for cloud-based environments and containerized applications
- Familiarity with DevSecOps, SDLC, CI/CD pipelines, and Agile processes
- Familiarity with running and/or analyzing vulnerability and configuration scans
- Familiarity with DAST/SAST
- Security+ CE or other 8570 IAT level II certification
CLEARANCE:
- Secret minimum