Security Control Accessor

Type: Full Time

Location: National Maritime Intelligence Center, Washington, DC

Overtime Exempt: Yes

Reports To: ARMADA HQ

Security Clearance Required: Active Top Secret

********CONTINGENT UPON AWARD***************

Duties & Responsibilities:

• The Security Control Accessor (SCA) shall coordinate and support the security components of the NAVINTEL ICD 503 Risk Management Framework (RMF) Implementation Policies/Directives and Dept. of Navy (DON) Cyber Security Policies/Directives.
• The Security Control Accessor shall perform automated security scans, using automated tools such as Assured Compliance Assessment Solution (ACAS), Center for Internet Security (CIS) Benchmark, and Security Content Automation Protocol (SCAP), and Retina. Analyze scan results, and document findings for products as required to successfully complete Collateral and SCI-level security certification testing and evaluation (ST&E) as appropriate for the The SCA shall scan results and findings and document according to NAVINTEL IA and ICD 503 RMF processes.
• The Security Control Accessor shall perform Security Control Assessor and Validator roles. Conduct Cloud Security Assessments to include validated cybersecurity controls, certifier's recommendation, and certifier's statement of residual risk, certification assessment briefing slides, and a provisional authorization.
• The SCA shall conduct research and testing to ensure existing and evolving products/services meet current Office of the Director of National Intelligence (ODNI), DIA, DoD, DoN, DISA, NGA and local authority's security requirements as appropriate.
• The SCA shall document results of security requirements analysis, evaluations, alternatives analysis, risk assessments, and other security-related activities performed in support of project tasks and as tasked for approved project requirements. Documentation could be classified once populated with data. Once IP Addresses, System CONOPS (Concept of Operations), System Functions, Systems Missions, and System Architectures are combined in the security documents, the documentation can become classified up to the TS/SCI classification level.
• The SCA shall document and execute a plan for each system to achieve authorization to renew such authorization. Collaborate with information system owners and the engineering team to produce the body of evidence necessary to move through each step of the RMF process, successfully satisfy an independent control assessment and obtain Authorization to Operate (ATO).
• The SCA shall prepare Security documentation in support of project tasks and as tasked for approved project requirements, which support successful completion of Collateral and/or SCI-level security testing and evaluation (ST&E) appropriate for the product.
• The SCA shall coordinate activities with NIA and DISA offices to determine and refine certification testing and documentation requirements that impact products and services, in reference to achieve Certification to Field.
• The SCA shall manage systems accreditation processes, using eMass for NIPR and SIPR systems, and Xacta for JWICS systems. Following the RMF process, the SCA will be required to update and maintain system documentation, update controls, track any Plan of Actions and Milestones (POA&M) items, working with Hopper ISC's Configuration Management (CM) group to register software with DADMS, submit boundary control request (BCRs) for Ports, Protocols and Services (PPSM), and ensure DITPR system registration is complete within the deadline. The SCA shall monitor and report any IA-relevant issues, including vulnerabilities, exploits, policy changes and best practices.
• The SCA shall monitor all A&A Security activities, in accordance with the ICD 503 (RMF) process. The various security activities include, but are not limited to:
• Security testing, documentation, and reporting activities.
• Liaison with external organizations necessary to complete product certification tests, site certifications and temporary certifications for testing and exercise.
• Develop and maintain ISC-specific Certification Test Division plans, processes and
• Establish and update security elements in the master schedule.
• Provide inputs to project teams during requirements creation, definition, and tracking
• Perform security "pre-look" scans and testing of prospective new products and report findings.
• Keep abreast of DISA system configuration and testing guidelines and update practices and procedures as appropriate to incorporate changes.
• Prepare Security Analysis Memorandums for originating developers if applicable.
• Register, develop, verify, validate, document, and test the required A&A documentation, procedures, and policies required for the information systems produced and deployed within the Government's systems and applications and across NAVINTEL.
• The Security Control Accessor shall provide assessment and authorization requirements and documents shall be prepared IAW NAVINTEL ICD 503, DoD, and DISA security requirements as applicable for the system undergoing assessment/certification.
• The SCA shall prepare technical and miscellaneous reports to document progress and key decisions and provide reports with current status of tasks.
• The SCA shall coordinate with the Government to define and produce system certification and accreditation documents. The A&A documentation required for accreditation shall be compliant with the requirements stated in the ICD 503 and shall follow the direction and guidance provided in the Designated Accrediting Authority (DAA) or Designated Authorizing Official-approved assessment and authorization process.
• The SCA shall provide the list of security documents and materials contained in Attachment 1 (Certification and Accreditation Checklist) will also be required. Changes to security authorization and policy may alter these requirements in the future. This list is not intended to identify all possible documentation needed but to provide the current scope. Templates will be provided by the Government after the Information Assurance Registration Brief.
• The SCA shall coordinate with Hopper ISC Project Managers (when necessary) and Maritime Intelligence Element (MIE) Product Owner during project planning and execution activities. Provide input to project plans and project status in accordance with documented processes. Manage, monitor, and mitigate risks during project execution.
• The SCA shall ensure scheduled milestones are met, and when they cannot be, immediately inform and work with the Information System Security Manager (ISSM), the Product Owner and the Government to discuss schedule impacts.
• The SCA shall keep the Product Owner, TPOC and the Government apprised of the status of all technical activities and immediately alert whenever impacts to cost and schedule are anticipated.
• The SCA shall provide a weekly activity report (WAR) to the Contracting Office Representative (COR), and TPOC via the Government.
• The SCA shall provide a monthly financial report to the MIE Product Owner and the COR and shall brief a Program Management Report (PMR) of work completed from previous month based cost, schedule and performance.
• The SCA shall attend project and information assurance policy implementation meetings and briefings, and develop, provide, and deliver technical, operator, and customer training and briefings to all audience levels.
• The SCA shall keep abreast of DoD, DISA, and DoN system configuration and testing guidelines and update practices and procedures as appropriate in incorporating changes.

Minimum/General Experience:

• Minimum 7 years' experience
• Minimum 3 years of Navy A & A experience
• Test and evaluation experience
• RMF experience
• Familiarity with the Validator role
• IAT Level II/III or IAM Level III
• Training requirements:
  • NAVWAR-RMF 101
  • NAVWAR-RMF-NQV-201
  • NAVWAR-RMF-SAP-301 / NAVWAR-RMF-SAR-302 / NAVWAR-RMF-NQV-302
  • DISA eMASS CBT or ILT: 2 hrs.
  • DISA ACAS CBT or ILT: 32 hrs

Minimum Education:

• Bachelor's degree or higher

Disclaimer:

The above information has been designed to indicate the general nature and level of work to be performed. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of the contractor assigned to this position. Applying: If you feel you have the knowledge, skills and abilities for this position visit our careers page at www.armadausa.com.

Special Notes: Relocation is not available for these jobs.

ARMADA provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. ARMADA complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.