Information Assurance and Security Advisor

About the Role

Key Responsibilities

• Comply with the ISSM Roles and Responsibilities as laid out in CNSSI 1253, DoDI 8500.01, ICD-503, and other applicable documentation.
• Implement and monitor all steps of Risk Management Framework (RMF) process life cycle of their assigned information system(s).
• Track and coordinate with the Regional Information Assurance Director and the Peraton Information Assurance Director the Security Authorization of their assigned system(s).
• Deliver all required documentation using the current customer approved templates, forms, regulations, and methods.
• Continuously update all Security Authorization documentation as required by the customer and in accordance with applicable RMF packages.
• Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.
• Maintain all required documentation for their assigned system's Authority To Operate (ATO) or information system go live dates.
• Document all relevant governing authority Security Controls and/or applicable departmental policies for each information system the ISSM is responsible for.
• Draft comprehensive Security/RMF Body of Evidence (BoE) packages and perform modifications throughout the lifecycle of the information system.
• Work closely with key stakeholders to identify additional controls to maintain a favorable security posture.
• Provide oversight and advisement on proposed change requests and their security impacts.
• Evaluate and advise on all account access requests to information systems.
• Ensure all software is tested and approved prior to deployment.
• Track software deployment to the environment.
• Manage and monitor vulnerabilities within assigned information systems.
• Generate and manage Plan of Actions & Milestones (POA&Ms) for non-compliant controls.
• Support incident response activities including remediation, documentation, and reporting.
• Perform weekly log audits for each authorized information system.
• Participate in project discussions supporting key stakeholders.
• Provide, track, and report security requirements throughout the system lifecycle.
• Work with the Office of the CISO and IAD to provide guidance for initiatives.
• Respond to data calls in a timely and detailed manner.
• Guide requests to modify technical policies such as firewall rules, ports, and protocols.
• Maintain a thorough understanding of system configurations, architecture, installed software, accounts, data flows, ports, protocols, and other relevant data.

Requirements

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD.
• Active TS/SCI security clearance.
• Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev4/Rev5, working with System Owners (SO).
• Experience with the Assess and Authorize (A&A) process of various customers.
• CISSP, CISA or equivalent certifications (DoD 8570 IAM 2 equivalent).
• Experience with ongoing Authorizations.
• Experience with XACTA or eMASS.
• Experience with DoD Cloud Computing Security Requirements Guide (SRG).
• Experience with SCAP Compliance Checker (SCC) and Security Technical Implementation Guides (STIG).

Nice to Have

• Prior physical security (FSO/CPSO/ACPSO) experience.
• Experience interpreting ACAS, Nessus, and/or other vulnerability scanner results.
• Hands-on Xacta 360 or Xacta.IO experience.

Qualifications

• Educational qualifications include a minimum of 8 years with a BS/BA, 6 years with an MS/MA, or 3 years with a PhD.

Benefits & Perks

• Target salary range of $104,000 - $166,000 based on experience and other factors.