This position is located in our Patuxent River, MD facility.
Candidate will provide direct IA support to Program Management Air (PMA). He or she will be responsible for drafting/reviewing DIACAP packages and providing guidance with respect to the development of C&A documentation. He or she will review security architecture configurations to ensure they meet new and evolving security requirements. The candidate will be responsible for reviewing and assisting with the development of appropriate documentation required for C&A, Clinger Cohen Act activities, DITPR-DON, FAM, DADMS and FISMA reporting. Examples include but are not limited to DIACAP C&A Plans, IA Control Implementation Plans, Validation Plans and Validation Reports, system security plans, contingency plans, privacy impact assessments, tracking plan of action and milestones (POA&Ms), etc. The candidate will provide recommendations to the system owners/Program Managers/IPT Leads regarding how to maintain the accredited security posture of the system in accordance with DoD/Navy policy. The candidate shall review and develop risk mitigation strategies.
The candidate may be required to test, validate and document compliance with IA controls for major acquisition programs as assigned. The candidate will be required to review and/or assist with facilitating the development of Security Interconnection Agreements/Security MOAs and/or IATTs in support of interconnections and class platform deployments.
He or she will be providing IA engineering support with respect to evaluating technical risks and reviewing C&A documentation for PMAs and/or major acquisition programs.
Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
10-15 years of related experience in data security administration.
-Must have experience with Cross Domain Solution (CDS).
-Must have knowledge of the Navy Cross Domain Solutions Office and the CDS Certification & Accreditation process.
Candidate should be an INFOSEC Engineer with experience in managing and leading efforts in the review, application, and maintenance of IA policies and C&A procedures for Programs of Record (POR) acquisition programs. Experience should include performing Information Assurance/security analyses and risk/vulnerability assessments along with evaluating IA technologies and secure solutions for applications, systems, and platform interconnections/interfaces. Candidate must have hands-on experience with the DoD IA Certification and Accreditation Process (DIACAP). Experience in the use of eRetina and DoD mandated Security Technical Implementation Guides (STIGs), NSA Guides, Security Checklists and Security Readiness Review (SRR) Scripts and Enterprise Mission Assurance Support Service (eMASS). In-depth knowledge of NAVAIR IA program and processes for all levels of DIACAP Certification & Accreditation. Keen knowledge of the System Engineering Technical Review (SETR) processes for all levels of Acquisition program (ACAT I-IV and Abbreviated Acquisition Program (AAP)).
Knowledge of weapons systems, sensors, and major aircraft programs is a plus.
Knowledge of systems with authorized networked interoperability with allied forces and policies regarding foreign disclosure and release of information is desired.
Knowledge of DoD/Navy Firewall Policy (Ports, Protocols and Services) is required.
Hands-on experience developing mitigation strategies for vulnerability scans.
The candidate must be able to work well in a stressful environment.
The candidate must be organized and able to work effectively as a team player.
In addition to having technical expertise, the candidate must have *excellent* communication skills as he or she will have a direct interface to senior leadership and will be expected to brief security status, technical risks, and proposed secure solutions. The candidate may have to brief the program's security posture at collaboration meetings with the ODAA Staff with respect to the certification and accreditation of circuits. The candidate must be able to formally train users with respect to current Information Assurance policies, processes and requirements.