Execute all phases of the US Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)/Risk Management Framework (RMF) transformation, conduct all activities in achievement of required authorities to operate. The Information Assurance Analyst shall ensure planning and execution of security tests and evaluations and provide a comprehensive risk assessment as part of their individual delivery/task order fulfillment. The position shall support the A&A of programs using DIACAP/RMF, Secret and Below Interoperability (SABI), and Director of Central Intelligence Directive (DCID) 6/3, Intelligence Community Directives (ICD) 503, Joint Special Access Program Implementation Guide (JSIG), and/or Common Criteria processes. The contractor shall also perform analysis related to the development of security test plans, procedures, reports, and assessments.

This effort shall include the following specific subtasks:

Generation of the DIACAP/RMF documentation package that meets all DoD/DHS requirements

and is tailored to a specific system to include but not limited to: Security Categorization Determination, Implementation Plan

System Security Plan (SSP), Configuration Management Plan (CMP), Incident Response Plans (IRP), Contingency Plans (CP), Authorization documentation, IT Security Plans of Action & Milestones (POA&Ms), Scorecards, Security

Assessment Reports (SAR), Continuous Monitoring Strategy, Hardware/Software lists, Threat Models, Cybersecurity Strategy, Network Topology, Network Cybersecurity Boundary Diagrams, and Data Flow Diagrams.

Minimum Qualifications

• B.A. or BS in computer science, information technology, or a related discipline
• DoD 8570.01-M, Cyber Security Assurance Workforce Improvement Program IAT Level 2 certification or higher
• Four years of job-related experience
• Four years of experience as an information assurance professional
• Experience with DoD Risk Management Framework (RMF) implementation

Desired Qualifications

• The use of tools, such as but not limited to eMASS, XACTA, MCCAST, and RSA Archer for automating the A&A process will be required. Security Controls and DIACAP/RMF documentation shall be generated and included in the packages.
• CISSP or IAT Level 2 Certification
• Experience operating GCCS-I3 or Jopes
• Excellent analytical skills to complement the cyber security team.

Position is contingent contract award

EEO Statement:

We are an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.