Job Description

Responsibilities:

• Conduct initial Security Assessment and obtain ATO in line with NIST SP 80037 Rev. 2
• Maintain the Security Authorization or Authorization to Operate (ATO) of assigned system(s)
• Continuously update all Security Authorization documentation to maintain assigned systems ATO or system go live dates
• Select the baseline security controls for the IT system using Archer and tailor where appropriate
• Document all relevant NIST 80053 Security Controls for assigned IT systems
• Perform and document initial and annual risk assessments of all systems
• Develop and document all supporting Security A&A artifacts (PIA SP ITCP BIA CMP MOU ISA)
• Assist in the development of the Security Assessment Plan (SAP)
• Develop Security Assessment Reports (SAR)
• Produce Security Authorization package for Authorizing Official (AO) signature including Authorization to Operate (ATO)
• Track the deployment of software to the environment that is not part of the base image
• Generate Plan of Actions & Milestones (POA&Ms) for each noncompliant control for assigned IT Systems

The NeedtoHave Skills & Qualifications:

• Working knowledge and experience with CSAM and RMF
• DHS experience
• Experience working with system stakeholders to assess and manage system cybersecurity risk
• Knowledge of the process to obtain a system ATO and requirements to maintain the ATO
• Experience working with system stakeholders to assess and manage system cybersecurity risk
• Ability to synthesize complex IT system information and communicate system status and requirements in written products and verbal presentations
• Ability to write clear concise and effective security control implementation statements
• Familiarity with configuration settings and vulnerability management analysis of infrastructure devices.
• Ability to draft a complete ATO package to include the SSP.
• Ability to work independently and within given timelines.

Remote Work :

No

Job Tags

Similar Jobs