- Develop and prepare the required security control documents or artifacts, and conduct the security control assessments and security test and evaluation required by the respective network authorities and C&A processes such as the Risk Management Framework (RMF).
- Develop and document security design artifacts and the associated security controls that meet the security acceptance criteria, and package the accreditation and authorization documents in support of each domain Certification and Accreditation process.
- Support Assessment and Authorization (A&A) or other RMF and cybersecurity Compliance and Auditing processes and inspections for all enterprise systems and networks; ensure review of all associated documentation for validity and accuracy.
- Assist in the development of security policies.
- Perform the necessary efforts to analyze, assess, evaluate, integrate, improve, implement, test, sustain, and maintain the program’s cybersecurity posture and capabilities required by the network domain operations compliance requirements.
- Support on-site accreditation testing for networks at CONUS and OCONUS locations.
- Prepare and document the risk mitigations, and maintain and update the Plan of Action and Milestones (POA&M) as required by the network domain Authorizing Official (AO).
- Perform technical vulnerability scanning, secure configuration assessments, and penetration testing; analyze the scan results, recommend the plans of action, and update the POA&M accordingly.
- Bachelor’s degree
- 8+ years of relevant work experience.
- Minimum of 5 years of working experience directly related to DoD cybersecurity Certification and Accreditation or cybersecurity engineering activities.
- DoD 8570.01-M IAM Level II certification
- Demonstrated experience and familiarity with DoD and Army Cybersecurity Policies and Regulations and the Certification and Accreditation (C&A) process, including the provisions of ICD 503 and the planning and execution of Security Test and Evaluation (STE) and Cybersecurity Test and Evaluation (CTE) events.
- Understanding of the Risk Management Framework (RMF) process.
- A thorough understanding of Enterprise Mission Assurance Support Service (eMASS) and/or XACTA.
- Ability to work independently without direct supervision or guidance.
- Understanding of GEOINT
- Understanding of Army IC