Position Title: C&A Analyst
Location: Washington, DC
Status: Green Card
Clearance: Ability to obtain Public Trust
Our client has an opening for a Certification & Accreditation SME in Washington, DC.
-Providing Information Technology Security Certification and Accreditation (C&A) guidance.
-Facilitating initial briefings and subsequent meetings of the C&A core team.
-Coordinating the completion of a BIA for each information resource.
-Working with the Privacy Office on privacy-related requirements.
-Recommending security requirements to executive sponsors and portfolio managers during the BIA process based on generally accepted industry practices, the operating environment [e.g., hosted in the de-militarized zone (DMZ)], and the risks associated with the information resource.
-Providing guidance on how information resources are vulnerable to threats, what controls and countermeasures may be appropriate, and the C&A process.
-Reviewing and evaluating C&A documentation, including the BIA, Risk Assessment, Security Plan, Security Test and Evaluation (ST&E) plan and report, and independent reviews of the information resource.
-Preparing the C&A Evaluation Report.
-Escalating security concerns or forwarding the C&A Evaluation Report and supporting C&A documentation package to the certifier.
-Working with the ISSO to complete C&A artifacts and sending the other required artifacts (e.g., TAD and security specifications for procurements) to the ISSO.
-Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training, or work experience.
-10 years of related experience in data security administration.
-10+ years' experience
*Experience with a wide variety of NIST Special Publications
*Experience with a wide variety of NIST FIPS Publications 10
-Government and industry best practices
-Assessment of sensitivity and criticality
-Configuration and change control
-Risk assessment methodology
-Business continuity management
-Ongoing testing of controls
-Defense in depth
Highly desirable experience:
-A thorough understanding of the Information Resource Security Certification and Accreditation (C&A) processes.
-Managed the end-to-end C&A process for Business Applications and Infrastructure Systems
-Secure software development
-Security code review standards
-Remote access management
-Virus and malicious code protection
-Intrusion detection and prevention
-Vulnerability scans and audit
Equal Opportunity Employer M/F/D/V