The Information Assurance Engineer will be responsible for accreditations on a family of system program, DCGS-A. Specifically, the IA SME is responsible for gathering information necessary to validate system security accreditations, compliance, FISMA reviews, and ensure RMF compliance. The IA engineer will define, create and maintain the required IA documentation for each system requiring accreditation at the NIPR, SIPR, and TS levels and the associated POAMs. Furthermore, the IA SME will assess the impacts of system modifications, upgrades, and new systems coming on board that need accreditation.
- Coordinates all Accreditation and Authorization packages for Cross Domain Solutions with the appropriate agency/stakeholders
- Writes comprehensive security analysis reports including assessment-based findings, outcomes and enter this data into DoD Information Assurance Management data bases for evaluation by Authorizing Officials to support the receipt of a Authority to Operate (ATO) for the systems.
- Describes, tests and validates security measures active on security infrastructure devices for the protection of computer systems, networks and information system
- Identifies and defines system security requirements and correlates/documents them by analysis of organizational standard security operating procedures (SOP) and protocols.
- Determines security violations and inefficiencies through security tests, evaluations and audits.
- Describes system security architectures and provides detailed descriptions for the security components of information systems.
- Recommends technical solutions and new security tools to mitigate identified or potential security vulnerabilities.
- Recommends techniques to protect system by defining access privileges, control structures, and resources required to implement these structures.
- Achieves system security operational objectives by contributing guidance and recommendations to program/project leadership.
- Recommends improvements by assessing current security implementations and anticipating new security requirements.
- Maintains system security by implementing and maintaining security controls.