INFOSEC A&A AUDITOR
INFOSEC A&A AUDITOR
Candidate must have TS SCI and Polygraph in order to be considered.
Our clients program provides cyber operational efficiency to help our customers reduce their exposure to cyber threats. The team is looking to bring on a Cyber Analyst with the ability to perform the procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
- INFOSEC skilled in cybersecurity and cyberspace defense processes, procedures, and governance that will provide impactful contributions to the Cyber Security Auditing section.
- The qualified candidate will be responsible for Risk Management Framework (RMF) Security Control Assessment and Authorization (A&A) of management, operational, and technical security controls used to protect, detect, characterize, counter and mitigate network and system vulnerabilities and security events, to improve the security posture of Department of Defense (DOD) and Intelligence Community (IC) networks and information systems.
- The candidate will perform recurring, world-wide RMF A&A on behalf of the Defense Intelligence Agency (DIA) Cybersecurity Service Provider (CSSP) Program Management Office (PMO) for General Services (GENSER), and Special Access Program (SAP) / Special Access Requirements (SAR) CSSPs in accordance with (IAW) DODI-8530.01, CJCS 6510 series, and IC Directives and Standards; and for sites connected to the Joint Worldwide Intelligence Communications (JWICS) backbone IAW DIA JWICS Connection Approval Program (JCAP) policy.
Day to Day Responsibilities:
- Ensure the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices.
- Conducting world-wide SAP/SAR and GENSER CSSP security control assessments to improve services and standards
- Conduct internal assessments of the DIA CSSP SAP/SAR and GENSER program
- Coordinate remediation of DIA internal assessment findings with responsible DIA support offices to ensure mitigation
- Provide monthly Plan of Action and Milestones (POAM) metrics for DIA internal assessments
- Develop auditor requirements and recommendations for Cyberspace Defense Services (CDS) assessments for sites connected the JWICS backbone in support of JCAP
- Perform security assessments at remote sites with collateral (includes, but not limited to, NIPR/SIPR) and/or TS/SCI under DI A’ s purview and/or managed by DIA, includes all organizations with networks connected to Core backbone & their backsides.
- Perform security assessments of contractor sites processing and storing DIA collateral (includes but not limited to, NIPR/SIPR) and/or DOD TS/SCI data.
- Assists with implementation of counter-measures or mitigating controls
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
- May perform Computer Security Incident Response activities for a large organization, coordinates with other government agencies to record and report incidents.
- May perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
- May serve as a technical team or task leader.
- A&A System Testing
Job Type: Full Time