Information Assurance Specialist

Strategic ACI is seeking an Information Assurance (IA) Specialist specializing in RMF. The candidate will work as part of a small cybersecurity team. The candidate will manage DoD Risk Management Framework (RMF) processes and will need to be familiar with creating eMASS packages, DISA STIGs, FISMA Compliance Requirements, NIST 800 Series, and the DoD ACAS Scanning tool desired.

Responsibilities:

• Provide guidance in developing, reviewing, and maintaining security body of evidence BOE such as Security Plans (SSP), POA&Ms, STIG checklists, associated artifacts; and provide strategic recommendations in accordance with DoD and Army policies and procedures
• Validate resolution of vulnerabilities documented in the POA&M and provide evidence of resolution for approval
• Support on-site and remote site accreditation testing for networks at CONUS and OCONUS locations - travel up to 25%
• Ensure security-related concerns and incidents are reported to ISSMs and managed timely
• Provide guidance on NIST SP 800-53 publication for managing security controls
• Support the creation or modification of FISMA compliancy documentation such as Contingency Plans, Incident Response Plan, Access Control Plans, etc.
• Evaluate system’s risk in respect to operation at the network, system, and application level
• Evaluate vulnerability assessment results and STIG results and manage findings in eMASS
• Maintain close contact with government POCs to keep abreast of progress, report concerns or issues, and offer COAs as needed.

Qualifications:

Required:

• Ability to obtain a TS/SCI clearance (Secret or Top Secret preferred to start)
• 5+ years of Cybersecurity experience
• 3+ years proficiency in RMF processes
• Experience using and navigating eMASS tool to manage Assessment & Authorization (A&A) process
• Possess DoD 8570.01-M IAM Level I or II certifications such as CISSP, CISA, Security+
• Proficiency in performing risk-based reviews of Security Authorization Package
• Ability to work independently with minimal supervision or guidance.

Desired:

• Understanding of Army IC architectures, policies, and authorities.
• Experience with Nessus Scanner
• Experience with Security Content Automation Protocol (SCAP) tool
• Understanding of DevSecOps, containers, cloud computing infrastructures, platforms, and services