Client: Department of Energy (DOE)
Location: DMV Metropolitan Area
Role: Senior A&A Specialist
Reports To: BPA PM
This is a Senior A&A Specialist position supporting a DOE Cybersecurity Assessment & Authorization (A&A) Support Services BPA Task Order. The work location is a DOE facility in the DMV Metropolitan Area.
The Senior A&A Specialist is responsible for conducting a comprehensive assessment of implemented controls and control enhancements to determine the effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization). The Senior A&A Specialist will assess the severity of the deficiencies discovered in the system and recommend corrective actions to address the vulnerabilities. The Senior A&A Specialist will prepare security and privacy assessment reports containing the results and findings from the assessment and pass them on to the Team Leaders.
The Senior A&A Specialist will:
- Assist DOE leadership with Risk Management and A&A strategy, development, and execution.
- Serve as subject matter expert, possessing a working knowledge of the Risk Management Framework and A&A areas, such as cybersecurity principles, cybersecurity operations, and cybersecurity compliance.
- Possess an understanding of how the various components of IT and cybersecurity integrate into a unified approach to risk management and cybersecurity for an organization.
- Work closely with System Owners and ISSOs in preparing and executing A&A activities and in developing compliance and security strategies.
- Lead and perform assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF) and agency directives.
- Lead cybersecurity analysis in preparation for A&A, reviewing and validating all associated cybersecurity documentation and technical controls.
- Develop System Security Plans (SSPs), Contingency Plans, Business Impact Analyses (BIAs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Security Assessment Plans (SAPs), and other documentation.
- Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations, including hardware and software components, data flow, interconnections, and ports, protocols, and services.
- Identify potential risks associated with system configurations and advise on mitigation strategies.
- Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort.
- Assist in estimating the Level of Effort (LOE) involved in performing A&A activities.
- Assist in developing and implementing detailed test plans, and review findings from self-assessments to determine readiness for independent validation and verification (IV&V) assessment.
- Assist customer program offices in interpreting and applying mitigation strategies.
- Conduct IV&V assessments and analyze test results for accuracy, compliance, and adherence to Federal cybersecurity requirements.
- Conduct thorough reviews of all vulnerabilities, architecture, and defense-in-depth strategies, and report findings in the POA&M document.
- Document residual risks and provide the cybersecurity risk analysis and mitigation determination results.
- Produce risk assessment artifacts describing initial risks during system development and residual risks identified during IV&V.
- Maintain cybersecurity policy and processes as assigned.
- Manage and track systems or programs involved in the A&A process; manage A&A projects on governance tools (as applicable).
- Manage teams performing assessments and executing the A&A process.
- Participate in the development and implementation of security-related directives and guidance for Cybersecurity, Information Technology, and Information Management.
- Promote an environment of continuous process improvement, learning, and team collaboration.
Required qualifications:
- Bachelor's degree from an accredited university in Computer Science, Software Engineering, Business Administration, Management, or another scientific or technical discipline, or equivalent work experience.
- 8 years of relevant experience.
- Professional cybersecurity certification (e.g., CISSP, CISM, CISA, CEH, Sec+, CCNP, GCIH, GCED, or CASP+).
- Ability to obtain a Secret (or above) National Security Clearance.
Why is this a Compelling Position?
As a Senior A&A Specialist, you will:
- Implement and shape key policies and processes to protect government agencies' data and systems.
- Interface with system owners and operators and the system security officers to deploy and instantiate cybersecurity compliance and risk-based practices, all while leveraging state-of-the-art technologies and approaches.
- Be a trusted member of the security team and a key advisor to system owners and operators in building a culture of risk awareness and cybersecurity compliance and operations.
- Help our federal agencies protect themselves against our nation's adversaries and sophisticated cyber threats.