Senior System Security

Required Qualifications

TS/SCI clearance with SBI and ability to attain SI, TK, G, HCS, and NATO Secret clearance

DoD 8140.03 IAT Level II/Intermediate certification

Three years of experience preparing System Security Plans (SSPs), Plans of Actions and Milestones (POAM), and other associated Body of Evidence documentation for system certifications and authorizations

Two years of experience working with the Accreditation Process, Risk Management Framework (RMF)

Two years of experience working with vulnerability scanners such as Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), Windows Automated Security Scanning Program (WASSP) and DISA STIG Viewer

Two years of experience entering information in the enterprise Mission Assurance Support Services (eMASS).

Two years of experience working with Security Technical Implementation Guides (STIGs), Information Assurance Vulnerability Management (IAVM), Information Assurance Vulnerability Alerts (IAVAs), Information Assurance Vulnerability Bulletins (IAVBs), Security Requirements Guides (SRG), and Technical Advisories (TAs)

Tenable Fundamentals of Managing Security Center Certificate of Proficiency

Key Responsibilities

Enforce DoD and Army cyber security policies and regulations.

Write reports, memorandums, and procedure manuals IAW Army Regulation 25-50, Preparing and Managing Correspondence.

Develop and sustain Risk Management Framework (RMF) certification and accreditation (C&A) packages to maintain Authorization to Operate (ATO) to include Bodies of Evidence (BOE) of DAIIS systems and applications. Process and submit Plans of Action and Milestones (POAMs) within Enterprise Mission Assurance Support Service (eMASS).

Perform monitoring of security controls to ensure compliance within eMASS for DAIIS systems.

Monitor DISA STIGs implementation and report compliance to DAIIS leadership.

Apply the RMF process in accordance with DoD and National Institute of Standards and Technology (NIST) guidelines.

Provide and submit packages to gain approval via Army eMASS Assess-Only Process (formerly Certificates of Networthiness (CoN)) for new and upgraded software.

Enter and manage data in the Army Portfolio Management Solution (APMS) registry and associated Assessment and Authorization (A&A) requirements for annual Federal Information Security Management Act (FISMA) reporting.

Perform monitoring of security controls to ensure compliance within eMASS for DAIIS systems.

Conduct monthly Assured Compliance Assessment Solution (ACAS) vulnerability scans of DAIIS servers. Provide findings to systems administrators for remediation and conduct follow-up scans to ensure compliance.

Issue, track, and destroy a weekly average of 200+ CD/DVD/Blu-ray media types as a media custodian.

Prepare reports and track Unauthorized Disclosure of Classified Information (UDCI), Serious Incident Reports (SIR), Vulnerability Disclosure Program (VDP), Army User Activity Monitoring Program (AUAMP), and any other similar report as required

Prepare, submit, and track Exception to Policy (ETP), Approval to Connect (ATC), Enclave Connection Approval (ECA), Ports, Protocols, and Services (PPS) requests. Conduct annual training of approximately twenty (20) DAIIS Data Transfer Agents on authorized methods of requesting, obtaining, and handling removable media and processes and responsibilities for conducting data transfers with removable media.