Review and evaluate System Security Plans (SSPs), System Security Authorization Agreements (SSAAs), systems and networks diagrams, Security Requirements Traceability Matrices (SRTMs), Risk Assessments, and associated Information Systems (IS) Certification and Accreditation (C&*A) documents in accordance with Department of Defense (DoD), Intelligence Community (IC), National and Agency standards; observe, evaluate, and document IS security certification testing and prepare Security Certification Test Reports (SCTRs) with findings and recommendations regarding systems; Approval To Operate (ATO). Inspect systems, networks, sites for compliance to InfoSec standards and policies. Additional duties include producing periodic progress reports, preparing various forms of correspondence concerning deficiencies and statuses of SSPs/SSAAs, maintaining and reporting statistics on personal C&A efforts. Knowledge of DoD, IC, and National Security Policies, Regulations, Directives, and Instructions.
BS/MS and at least 12 years of experience in the field or in a related area. Familiar with a variety of the field’s concepts, practices, and procedures. Relies on extensive experience and judgment to plan and accomplish goals and independently performs a wide variety of complicated tasks. May provide consultation on complex projects and is considered to be the top level contributor/specialist. May lead and direct the work of others. May report to an executive or director.
Identify critical assets and infrastructures and provide assurance through research, analysis, assessment, and remediation. Research the national and international infrastructure (i.e., computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein) requirements of industry and other Government agencies, all of which needs to be included in the protection planning. Address the assurance and protection of commercial assets and infrastructure services in DoD acquisitions. Assess the potential impact on military operations that would result from the loss or compromise of infrastructure service.
Research and develop strategies for 6 of the 10 defense critical infrastructure sectors. Research and analyze emerging technologies and methodologies relating to the protection of the defense critical infrastructure sectors. Technology could include network development and analysis tools, failure modeling and simulations, analysis of data streams, development of new affordable, transportable utility components, telecommunications, blast analysis and protection, and surveillance methods and technology: Transportation; Global Information Grid/Command and Control; Intelligence, Surveillance, and Reconaissance; Space, Logistics; and/or Defense Industrial Base.
Arlington, VA; Alexandria, VA; Ft. Belvoir, VA
Must have an active Secret clearance, Top Secret preferred