Contingent position pending award of contract in April 2014. Work expected to begin in May 2014. Services contract is to provide security accreditation support for approximately 420 Certification and Accreditation (C&A) efforts over three years, with approximately 140 efforts projected for each year.
Reviews Federal, DoD and US Army (25-2) regulations, policies, procedures, standards and guidelines in preparation for, and during the conduct of, DIACAP validation assessments.
Participates in technical interchange meetings with customers to gather data for preparation of validation assessment activities.
Evaluates IA documentation and operational activities to ensure they meet regulatory requirements.
Performs security assessment scans and activities on a variety of information systems.
Ensures that all required and applicable information security controls have been properly identified, implemented and maintained as intended.
Prepares for and conducts security assessment briefings.
Creates, reviews and edits C&A documentation.
Drafts risk assessment reports based on findings from the validation assessment activities.
Provides support in all areas of information system security, including physical security, administrative security, personnel security, computer security, operations security, and industrial security.
Provide technical assistance and guidance to system owners who are preparing for Defense Information Assurance Certification and Accreditation Program (DIACAP) validation assessments.
Support DIACAP preparation, validation, and processes to assure IA controls are being met, to include onsite assist visits.
Perform security test and evaluation engineering support and generate DIACAP scorecards.
Review, create and maintain IA documentation (e.g. SIP, SSP, DIP) and other DIACAP artifacts.
Provide DIACAP validation support to the Agent of the Certification Authority (ACA).
Other C&A and validation support duties as assigned.
Occasional CONUS travel 20%
Other duties may be assigned
Experience and Skills:
Bachelor's degree in CS, CIS, or five plus (5+) years of related field experience.
Three or more (3+) years of solid DIACAP experience and consulting to DoD Organizations using the NIST and DoD security requirements.
A DoD IAT Level 2 certification (GSEC, SCNP, SSCP, Security+).
A technical certification, such as MCP, MCITP, MCSE, CCSP, CCNA, LPIC or UNIX, is also required.
Working/hands-on experience with DIACAP package creation.
Possess effective communication skills, both written and oral.
Ability to maintain sensitive and confidential information as required by government standards.
Ability to interact effectively with peers and supervisors.
Ability to interact appropriately with the public when necessary.
Be reliable and professional.
Ability to adhere to workplace rules.
Knowledge of NIST RMF.
Must be able to build logical approaches to solve difficult problems.
Preferred skills that are not required:
Working knowledge of Army Regulation 25-2
US Army Best Business Practices (BBPs)
Completed the US Army IA Fundamentals AND STIG Training
Experience with the DIACAP Package Generator (DPG) tool
Individual will work onsite at client location representing our firm. Individual is also expected to adhere to client's policies, practices, procedures, and schedule for their specific work location. The work environment characteristics are representative of those an employee encounters while performing essential functions of the job in a typical office/workstation situation. Able to work sitting or standing at desk and operate a computer via standard input devices such as using a keyboard and reading information on a monitor. Ability to stand and sit for long periods of time. Ability to perform repetitive motion (keyboarding, 10-key, phones). Ability to lift up to 25 pounds.
Job Level: Mid Career (2+ years)
Number of Openings: 4
Years of Experience: At least 3 Years
Level of Education: Some College