Hybrid/remote Authorization and Assessment Lead - Fort Meade, United States - Kingfisher Systems, Inc.

Posted by: Mark Lane, beBee recruiter


Description
**Assessment and Authorization Lead**

Kingfisher Systems, Inc. (Kingfisher) specializes in providing a full range of Information Technology, Cybersecurity, Intelligence, and support services to the U.S. Government. Kingfisher's core competency is technology-enabled services with a specific focus on national security. Since 2005, Kingfisher has established itself as a recognized and trusted partner whose mission is safeguarding sensitive information, operations, and programs for our Federal customers and U.S. warfighters.


Kingfisher is actively seeking a highly skilled and dynamic individual to fill the pivotal role of Assessment and Authorization (A&A) Lead within our esteemed organization.

This role requires exceptional expertise and proficiency in guiding and overseeing the assessment and authorization processes.

As the A&A Lead, you will play a crucial role in ensuring the security and compliance of our systems and infrastructure.

You will be tasked with spearheading comprehensive assessments, developing strategic authorization plans, and collaborating closely with cross-functional teams to implement effective security measures.


_Duties and responsibilities will include but are not limited to:_

  • A&A Lead shall support the A&A for ACAS capabilities on both NIPRNET and SIPRNET.
  • Provide security engineering to the Government and support A&A activities for test and production systems to maintain compliance with DoD 8500 series publications, Federal Information Processing Standards, and National Institute of Standards and Technology (NIST) Special Publications.
  • A&A Lead shall coordinate with the Government-specified A&A team to timely remediate security defects on any open findings on the test and production systems.
  • A&A Lead shall support the Information Systems Security Manager (ISSM) team in collecting information and answering DTO and OPORD.
  • Provide the Ports, Protocols, and Service Management (PPSM) information for ACAS and shall assist the ISSM with submitting the information to the Government PPSM system of record.
  • Perform preparation of the necessary accreditation documentation, to include a System Security Plan to describe the protection and sustainment of the Cyber Security requirements to comply with applicable Security Controls of the ACAS capabilities.
  • Perform preparation of the accreditation packages that show the certification status of the system in the Government-furnished format, to include change request forms and supporting documentation for major change management activities.
  • Ensure that the accreditation package(s) contains accurate information and is maintained in a current status, to include updates to the implementation plan.
  • Perform all the required A&A data entry and artifact submissions to the unclassified and classified Enterprise Mission Assurance Support Service (eMASS) and DISA Requirements Task System (RTS).
  • Maintain the Lifecycle A&A Plan that addresses the process, procedures, and timing of A&A activities for new software and software updates/upgrades across the anticipated lifecycle of the product(s).

_A&A Lead shall perform the following:_

  • Plans of Action and Milestones (POA&M) development
  • Mitigation strategy for findings that cannot be fixed immediately
  • All current and future required accreditation documentation for the Risk Management Framework (RMF)
  • Registration information (shall be within required documents above)
  • Information Assurance Vulnerability Alert (IAVA) review and compliance
  • Responsible for monitoring system security and performing configuration management and security operations activities to ensure an acceptable level of residual risk is maintained as determined by the DISA RME and/or DISA Authorization Official (AO).
  • System monitoring includes security patches, hotfixes, Security Technical Implementation Guide (STIG) updates, IAVA updates, and Security Requirements Guide (SRG) updates.
  • Perform assessments for all STIGs and IAVAs in the agreed-upon format and medium and submit a written STIG/IAVA compliance report of all discrepancies.
  • Maintain and update an SRG for the ACAS capability, which includes STIGs or system configurations that cannot be implemented until the capability is implemented at the operational site. As new STIGs are released, the contractor shall evaluate and update the SRG.
  • Update and maintain a Continuity of Operations (COOP) and Information System Contingency Plan (ISCP) for the ACAS capability.
  • Conduct an annual exercise of the COOP or ISCP with all appropriate support personnel and update the operations strategy and architecture documents to reflect any needed changes.

Required Qualifications:

  • Proficiency in Microsoft Office Suite
  • Understanding, experience, and knowledge of Cyber Security Assessment, Authorization, and Implementation processes and procedures
  • Experience with Assured Compliance Assessment Solution (ACAS) NIPRNet, SIPRNet, Nessus, Tenable, Security Center
  • Knowled
