MUST BE A U.S. CITIZEN and possess an active Secret Security Clearance
A3T, a fast-growing firm, specializes in Defensive Cyber Security Services, Enterprise Information Technology (IT) Solutions, and Professional Services driven by customer requirements. Our client’s customers are the focal point of all decisions and actions. A3T provides customer-centric services and focus resources to meet operational requirements, exceed expectations, and sustain organizational growth while mitigating risk.
Join A3T and watch your career soar! A3T is a small, agile, company looking for incredible talent to support the United States Government in many important national security roles. A3T is looking to bring on an experienced IA Analyst, Senior / ISSM (A&A, Compliance, Risk Mgmt.) with “Next-Level Thinking” who is ready to take their career to a new level with A3T."
Job Description: The successful IA Analyst, Senior / ISSM (A&A, Compliance, Risk Mgmt.) candidate will provide wide-ranging support for all customer-supported audit activities.
The candidate will participate in the following activities:
- Assessment and Authorization (A&A)
- prepare and review Mission Partner security assessment and authorization documents and artifacts in accordance with (IAW) with all DoD A&A regulations and governance.
- Document Mission Partner security findings using cybersecurity tools to include eMASS and ESPS.
- Register and maintain information system programs in DoD’s mandated program registration system.
- Verify information system Ports, Protocols and Services (PPS) are acquired, developed, implemented, maintained, and registered in DoD’s central registry system.
- Ensure applicable NIPRNet, SIPRNet, and isolated environment information system programs are registered in DoD’s mandated A&A repository.
- Monitor and report Mission Partner program's Authority to Operate (ATO) expiration dates.
- Initiate, process, and monitor authorizing official (AO) risk acceptance, Plans of Action and Milestones (POA&M), waiver, and reciprocity processing.
- Use the Office of the Secretary of Defense’s (OSD) official Knowledge Service portal as authoritative source for RMF policy and implementation guidelines.
- Provide documentation regarding the security posture of DoD Information Systems (IS) and Planned Information technology (PIT) systems to promote reciprocity as described in DoD Instruction (DoDI) 8500.01 and to assist AOs from other organizations in making credible, risk-based decisions.
- Maintain, update, and version control the Meeting Request List (MRL) and Document Request List (DRL) form via DISA's designated collaboration tool.
- Cyber Compliance:
- Assist in DoD supported audits, to include auditing and reporting of systems, networks, documentation, cybersecurity controls, DoD 8570.1-M requirements, information assurance vulnerability management (IAVM) notifications, and STIG.
- Conduct technical analysis of vulnerabilities to determine the impact to the DISA Enterprise cybersecurity posture.
- Create, maintain, and document functional processes that ensures cybersecurity requirements are identified and implemented throughout the system lifecycle, to include acquisition, design, development, testing, integration, implementation, operation, upgrade, and/or replacement.
- Risk Management:
- Implement DoD multi-tiered cybersecurity risk management process to protect U.S. interests, DoD operational capabilities, and DoD individuals, organizations, and assets IAW National Institute of Standards and Technology (NIST) Special Publication (SP) 800-39 (Reference (o)) and Committee on National Security Systems (CNSS) Policy (CNSSP) 22.
- Create, maintain and document a risk management process for identifying, validating and reporting risks.
- Address, manage and integrate cybersecurity risk management throughout information technology life cycle, from acquisition to decommission.
- Perform, maintain, document and report on risk assessments IAW applicable DoD cybersecurity policies, standards, and architectures for Mission Partner information system programs to provide vulnerability posture awareness.
- Create, maintain, document and report risks associated with DoD cyberspace vulnerabilities and adversary threats impacting DoD employment of capabilities to achieve military, intelligence, and business operations objectives, and risk assessment mitigations associated with weaknesses or flaws introduced through faulty system design, configuration, and/or use.
- Assist and provide technical security expertise to the DISA Enterprise Information System Security Manager (ISSM) with researching and integrating new technologies (to include risks and benefits) pertaining to programs, systems, networks and the adherence to applicable cybersecurity requirements.
- Ensure information systems are assigned to and governed by a DoD component cybersecurity program that manages risk commensurate with the categorization of supported missions and the value of potentially affected information or assets.
Qualifications Clearance: Top Secret with SCI eligibility Education: Bachelor's degree or equivalent work experience
Certifications: DoD 8570 Security+ CE or equivalent IAM-I certification is required.
Experience: Five + years of relevant/recent DoD Information Assurance Certification and Accreditation Process (DIACAP) and/or RMF AND three + years of relevant/recent experience with Microsoft Office products.
- Experience with DISA is highly desired
- Experience working in an enterprise environment, for example, the WHS, ITA, Joint Service Provider (JSP) Pentagon, or Navy Marine Corps Internet (NMCI)
- Must have strong critical thinking/analytical skills, creativity, a proven drive for quality, and excellent oral and written communication skills.
- Strong organizational skills and an ability to stay focused while managing multiple tasks concurrently.
Additional information We offer a competitive benefits package to include: paid holidays, paid time off, medical, dental, vision, company paid long and short term disability and life insurance, referral bonuses, certification reimbursement program, etc. It is the policy of A3T to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations. We maintain a drug-free workplace and perform pre-employment substance abuse testing to include background checks.