Client: Department of Energy (DOE)
Location: DMV Metropolitan Area
Role: A&A Specialist – Mid
Reports To: BPA PM
The A&A Specialist – Mid will support a DOE Cybersecurity Assessment & Authorization (A&A) Support Services BPA Task Order. The work location will be at a DOE facility located in the DMV Metropolitan Area.
The A&A Specialist – Mid is responsible for conducting, and at times leading, a comprehensive assessment of implemented controls and control enhancements to determine the effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization). The A&A Specialist will provide an assessment of the severity of the deficiencies discovered in the system and recommend corrective actions to address the vulnerabilities. The A&A Specialist will prepare security and privacy assessment reports containing the results and findings from the assessment and pass them on to the Team Leaders.
The A&A Specialist will:
- Develop and coordinate an assessment strategy for specific systems, working with system owners and ISSOs
- Participate in key discovery sessions, such as inventory determination and boundary identification
- Lead or participate in meetings with stakeholders to execute the Assessment and Authorization process activities
- Participate in, or lead, development of a Security Assessment Plan, working in consonance with the stakeholders
- Assess the controls in accordance with the assessment procedures described in assessment plans
- Prepare the assessment reports documenting the findings and recommendations from the control assessments, to include populating the System Security Plan and POA&M development
- Document assessment results and processes in any governance tool or methodology used by the agency
- Conduct initial remediation actions on the controls and reassess remediated controls
- Develop supporting documentation, to include the Security Assessment Report, Risk Assessment Report, and other agency-specific artifacts
- Assess the controls implemented within and inherited by the system in accordance with the continuous monitoring strategy
- Possess and apply comprehensive knowledge on multiple complex work assignments
- Contribute to deliverables and performance metrics where applicable
Qualifications:
- Bachelor’s degree from an accredited university, or equivalent work experience, in Computer Science, Software Engineering, Business Administration, Management, or another scientific or technical discipline.
- 5 years of relevant experience.
- Professional cybersecurity certification (e.g. CISSP, CISM, CISA, CEH, Sec+, CCNP, GCIH, GCED, or CASP+).
- Ability to obtain a Secret (or above) National Security Clearance.
Why is this a Compelling Position?
As an A&A Specialist, you will:
- Implement and shape key policies and processes to protect government agencies’ data and systems
- Interface with system owners and operators and the system security officers to deploy and instantiate cybersecurity compliance and risk-based practices, all while leveraging state-of-the-art technologies and approaches
- Be a trusted member of the security team, and a key advisor to system owners and operators in building a culture of risk awareness and cybersecurity compliance and operations
- Help our federal agencies protect themselves against our nation’s adversaries and sophisticated cyber threats