Security Control Assessor - Arlington, United States - System High Corporation

Posted by: Mark Lane, beBee recruiter


Description

Position Overview


The Security Control Assessor must fulfill a variety of cybersecurity functions, to include: System Administrator, Enterprise Oversight, certification and accreditation, SAP and SCI assessment and authorization (A&A), Platform Information Technology (PIT) assessment and authorization, Information Assurance and Technical Security for AIS, Information Technology (IT) Network Administration & Support, and Information System Security Officer support.

Will perform the IA tasks necessary to ensure that the existing DARPA IA program meets National, DoD, and DARPA IA standards, and continues to protect and defend DARPA information and Information Systems (IS) by ensuring the confidentiality, integrity, availability, authentication, and non-repudiation of the systems.


The Senior Cybersecurity Specialist possesses experience in successfully participating in DoD Special Access Program Joint Certification and Accreditation, Assessment, and Approval events for DoD Joint cyber ranges and/or jointly accredited SAP information systems.

The DARPA systems to be protected include systems that process and store information from controlled unclassified (CUI) up to Top Secret, including SAP and SCI caveats/compartments.

Duties shall include, but are not limited to the following:

  • Must possess experience in successfully meeting and participating in Defense Information Systems Agency (DISA), National Security Agency, and USCYBERCOM Computer Network Defense Program (CNDSP) and CYBERCOM Computer Readiness Inspections (CCRI)
  • Experience with network security devices, classified Local Area Networks, Wide Area Networks, public key infrastructure (PKI), virtual machines, and endpoint security solutions.
  • DoD Instruction National Industrial Security Program (NISPOM) Operating Manual, Chapter
  • Defense Security Service Manual for the Certification and Accreditation of Classified Systems under the NISPOM Version
  • DoD Directive The DoD Insider Threat Program
  • NIST SP Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations
  • DoD Joint Special Access Program Implementation Guide (JSIG)
  • Committee for National Security Systems Policy (CNSSP) No. 22 on Information Assurance Risk Management for National Security Systems
  • CNSSP No. 26 National Policy on Reducing the Risk of Removable Media
  • Committee for National Security Systems Directive (CNSSD) No. 504 Directive on Protecting National Security Systems From Insider Threat
  • Committee for National Security Systems Instruction (CNSSI) No. 1253 Security Categorization and Control Selection for National Security Systems
  • DoDD 8000.1, Management of DoD Information Resources and Information Technology
  • DoD Directive 8100.2, Use of Commercial Wireless Devices, Services, and Technologies in the DoD Global Information Grid (GIG)
  • DoDD Cyberspace Workforce Management
  • DoDI Cybersecurity
  • DoD Instruction Risk Management Framework (RMF) for DoD Information Technology
  • DoD Directive 8530.1, Computer Network Defense (CND)
  • DoD Instruction 8530.2, Support to CND
  • DoD Instruction 8551.1, Ports, Protocols, and Services Management (PPSM)
  • DoD Manual M Information Assurance Workforce Improvement Program
  • DCID 6/3, Protecting SCI within Information Systems
  • Intelligence Community Directive (ICD) 50
  • Chairman of the Joint Chiefs of Staff Manual (CJCSM B Cyber Incident Handling Program
  • Defense Federal Acquisition Regulation Supplement (DFARS)
  • Clause : Safeguarding Unclassified Controlled Technical Information
  • DoDI Information Assurance Policy for Space Systems Used by the Department of Defense

Note:

The legacy cybersecurity/information security accreditation governance documents are listed due to the state of transition of network accreditation guidance and the fact that networks may be operating under legacy certification and accreditation guidance.


  • Ensure system security requirements are addressed during all phases of DARPA program life cycles (concept development, Request for Information (RFI), Request for Proposal (RFP) or BAA, Proposal, Selection, Award, Closeout, Transition, etc.).
  • Planning, preparing, and executing inspections, authorization and approval (A&A) events IAW the respective policies detailed in paragraph 3.12.c. for all classifications of networks; to include the development and review of Automated Information System Authorization and Approval Packages.
  • Develop, review, endorse, and recommend action by the authorizing official (AO), delegated authorizing official (DAO), or designated approval authority (DAA) for system certification documentation
  • Conduct quality control of system accreditation packages for completeness of accreditation artifacts within 3 business days of receipt from the technology office security staffs or their cleared defense industry contractors and/or participating government age
