Information Assurance and Security Advisor

Program Overview

About The Role

Peraton is seeking an Information Assurance & Security Systems Advisor who will provide technical and programmatic information assurance services to internal and external customers in support of network and information security systems. In this role, you will design, develop, and implement security requirements within the organization’s business processes. This position reports directly to the lead ISSM

This position is based out of Melbourne, FL and will require the applicant to be within a commutable distance to provide on-site support.

Responsibilities:

• Comply with the ISSM Roles and Responsibilities as laid out in CNSSI 1253, DoDI 8500.01, ICD-503, and other applicable documentation.
• Implement and monitor all steps of Risk Management Framework (RMF) process life cycle of their assigned information system(s).
• Track and coordinate with the Regional Information Assurance Director and the Peraton Information Assurance Director the Security Authorization of their assigned system(s).
• Deliver all required documentation using the current customer approved templates, forms, regulations, and methods.
• Continuously update all Security Authorization documentation as required by the customer and in accordance with applicable RMF packages.
• Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.
• Maintain all required documentation for their assigned system’s Authority To Operate (ATO) or information system go live dates.
• Document all relevant governing authority Security Controls and/or applicable departmental policies for each information system the ISSM is responsible for.
• Draft comprehensive Security/RMF Body of Evidence (BoE) packages and perform any modifications throughout the lifecycle of the information system.
• Work closely with the key stakeholders to identify any additional controls that are applicable to the system(s) to maintain a favorable security posture.
• Provide oversight and advisement on all proposed change requests on the authorized Information System(s) and the potential security impacts to the existing controls assessment.
• Evaluate and provide advisement on all account access requests to information systems.
• Ensure all software is tested and approved prior to introduction to the production environment.
• Track the deployment of software to the environment.
• Manage and monitor all vulnerabilities with their assigned information systems.
• Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each authorized Information System. Proper documentation shall be filed and updated as required.
• Manage all applicable POA&Ms throughout the lifecycle of the information system. This includes but is not limited to the drafting of well documented waivers and exceptions detailing the potential risk to the Authorizing Official.
• Support the Incident Response Team in the remediation, documentation, and reporting of all incidents for the authorized system(s) under their purview.
• Perform a Weekly audit (review of logs) for each authorized information system.
• Participate in project discussions in support of the key stakeholders.
• Provide, track, and report security requirements throughout the system life cycle of all information systems that are within the authorization boundary.
• Work closely with Office of the Chief Information Security Officer (CISO) and the Information Assurance Director (IAD) to provide guidance and oversight for all requested initiatives.
• Provide timely and detailed responses to all data calls.
• Provide oversight and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc. for each information system.
• Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each Information System.

Qualifications

Required Qualifications:

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Active TS/SCI security clearance.
• Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev4/ Rev5, working with System Owners (SO)
• Experience with the Assess and Authorize (A&A) process of various customers
• CISSP, CISA or equivalent certifications (DoD 8570 IAM 2 equivalent)
• Experience with ongoing Authorizations
• Experience with XACTA or eMASS
• Experience with DoD Cloud Computing Security Requirements Guide (SRG)
• Experience with SCAP Compliance Checker (SCC) and Security Technical Implementation Guides (STIG)

Preferred Qualifications:

• Prior physical security (FSO/CPSO/ACPSO) experience is a plus.
• Experience interpreting ACAS, Nessus, and/or other vulnerability scanner results
• Hands-on Xacta 360 or Xacta.IO experience preferred by not required

SCA / Union / Intern Rate or Range

Details

Target Salary Range: $104,000 - $166,000. This represents the typical salary range for this position based on experience and other factors.

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.