Peraton

Information Assurance and Security, Advisor

Peraton, Chantilly, Virginia, United States, 22021


Responsibilities

Provides system security support of software applications and systems by applying the CSS Risk Management Framework, IC Directive 503 Practitioners manual, and the Committee on National Security Systems Instruction 1253 security controls. Provides technical and programmatic information system security officer services to internal and external customers in support of network and information security systems. Designs, develops, and implements security requirements within an organization's business processes. Prepares documentation from information obtained from the customer using accepted guidelines. Prepares security test and evaluation plans. Provides certification and accreditation support in the development of security and contingency plans and conducts complex risk and vulnerability assessments. Analyzes policies and procedures against Federal laws and regulations and provides recommendations for closing gaps. Recommends system enhancements to improve security deficiencies. Secures system configurations and installs security tools, scans systems to determine compliance and reports results, and evaluates products and various aspects of system administration. Conducts security program audits and develops solutions to lessen identified risks. Provides information assurance support for the development and implementation of security architectures to meet new and evolving security requirements. Performs vulnerability assessments including development of risk mitigation strategies.

Qualifications

Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD.

Active TS/SCI with poly.

Key roles:

Facilitates "Assessment & Authorization" ("A&A") of internally developed applications and systems by leveraging customer "A&A" tools and applying applicable organizational and Intelligence Community (IC) policies to achieve desired "Authorization to Operate" (ATO) status.

Serves as an advisor to the system owner and project team regarding security implications of their system development.

Register system to the organizational "A&A" tool.

Identify system security boundary.

Calculate Confidentiality, Integrity, and Availability values for the system.

Calculate Overlay Values, if any, for the system.

Determine applicable system layers (i.e., Application, Service, Data-store, Operating System, hardware, and/or Network).

Address applicable security controls by gathering or generating associated artifacts (i.e., bodies of evidence).

Assist in the evaluation of security solutions to ensure they meet applicable security controls for processing classified information.

Work with system owner and project team to implement mitigation strategies for controls.

Formulate appropriate Plan of Action(s) and Milestone(s) (POAMs) or Risk Acceptance (RA) justification to mitigate/address affected security controls.

Conduct monthly Rapid7 scans to ascertain vulnerabilities and to implement mitigation strategies (e.g., patching, software updates, CVEs, etc.).

Ensure remediation actions based on the scan results, POAMs, and Risk Assessments are implemented.

Upload scan results to customer "A&A" tool repository.

Work with appropriate organizational "External Partners" that have a stake in the system's cyber security posture to provide them with applicable documentation (e.g., Contingency Plan, System Dependencies, Configuration Management).

Work with appropriate ISSMs and Assessors to arrange for TEMs to obtain system security guidance/clarification.

Solid knowledge of IC-Directive 503 (ICD-503) Risk Management Framework (RMF) to step through its respective stages.

Solid knowledge of Committee on National Security Systems Instruction 1253 (CNSSI 1253) security controls.

Strong communication skills - verbal and written - with all levels of stakeholders.

Strong personal network.

Understanding of emerging technical trends.

Benefits:

Peraton offers enhanced benefits to employees working on this critical National Security program, which include heavily subsidized employee benefits coverage for you and your dependents, 25 days of PTO accrued annually up to a generous PTO cap and eligibility to participate in an attractive bonus plan.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.

Target Salary Range

$135,000 - $216,000. This represents the typical salary range for this position based on experience and other factors.