Cyber Security / IA Network Specialist (Assess and Authorize Support SME)

  • Full-time

Company Description

MUST BE A U.S. CITIZEN

A3T, a fast-growing firm, specializes in Defensive Cyber Security Services, Enterprise Information Technology (IT) Solutions, and Professional Services driven by customer requirements. Our client’s customers are the focal point of all decisions and actions. A3T provides customer-centric services and focuses resources to meet operational requirements, exceed expectations, and sustain organizational growth while mitigating risk.

Join A3T and watch your career soar! A3T is a small, agile company looking for incredible talent to support the United States Government in many important national security roles. A3T is looking to bring on an experienced Cyber Security / IA Network Specialist (Assess and Authorize Support SME) with “Next-Level Thinking” who is ready to take their career to a new level with A3T.

Job Description

The successful IA Network Specialist Subject Matter Expert (SME) shall support conducting security control assessments and risk analysis, and drafting Security Assessment Reports and recommendations. The ability to complete accurate documentation in all Microsoft product formats and to effectively brief agency management, Security Control Assessors and the Authorizing Official is required. This includes performing the cybersecurity tasks below.

Duties/Responsibilities:

  • Conduct assessment of information systems security controls to include technical controls.  DFAS currently has policy and procedure for conducting security assessments. Use these and provide recommendations for any needed improvements.

  • Conduct risk assessments for systems’ non-compliant security controls IAW NIST 800-30 and DoD/DFAS processes. Document results and submit recommendations to SCA. DFAS currently has guidance and procedures for conducting risk assessments. Use these in the evaluation and provide recommendations for any needed improvements.

  • Conduct Continuous Monitoring activities such as Annual Assessment evaluations and POA&M analysis. Analyze systems’ POA&Ms, providing recommended mitigations and needed fix timelines. DFAS currently has Program Strategy and System Strategy template. Use these in the evaluation and submit recommendations for any improvements needed.

  • Review proposed mitigations, requests for risk acceptance, and the rationale provided for stated residual risk acceptance. Provide evaluation results on an official form used to verify awareness of or risk acceptance by DFAS leadership.

  • Analyze proposed system changes, determine whether each is a minor or significant change, and provide guidance on appropriate technical security testing.

  • Able to work under only general direction and be able to independently determine and develop an approach to assessor solutions, only needing review upon completion for adequacy in meeting objectives.

  • Interpret and provide consulting on the development of security guidance, and serve as an RMF SME at key stakeholder meetings.

  • Knowledge in reviewing, analyzing, and documenting the secure implementation of logical controls, physical controls, environmental controls, personnel security and incident handling.

  • Experience with DoD security hardening, collection and assessment tools (STIGs, ACAS, SCAP, Nessus, etc.) and experience with security architectures, firewalls and network access.

  • Strong organizational skills and an ability to stay focused while managing multiple tasks concurrently.

  • Application code analysis, both static and dynamic, utilizing tools such as HP Fortify and WebInspect.

  • Extensive DoD Information Assurance Certification & Accreditation Process (DIACAP) and NIST experience in security control assessments and risk assessments utilizing: 

      • NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations, current edition

      • NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems

      • NIST SP 800-30 Guide for Conducting Risk Assessments, current edition

      • NIST SP 800-39 Managing Information Security Risk, current edition

      • Committee on National Security Systems Instruction 1253, Security Categorization and Control Selection for National Security Systems, March 15, 2012, as amended

      • Subchapter III of Chapter 35 of Title 44, United States Code (also known as the Federal Information Security Management Act (FISMA) of 2002)

      • NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, current edition

Qualifications

Clearance:  Secret

Certifications: 

  • Information Assurance Management (IAM) Level III: Certified Information Systems Security Professional (CISSP) or other equivalent DoD 8570.01-M certification.

Experience:

  • Must have a minimum of 10 years of experience in cybersecurity documentation and system authorization artifacts (System Security Plan, lifecycle documentation, continuous monitoring plan, Security Assessment Plan, Security Assessment Report, Risk Assessment, etc.).

  • Must have working knowledge of the DoD CS policy requirements set forth in DoDI 8500.01, “Cybersecurity,” and DoDI 8510.01, “Risk Management Framework (RMF) for DoD Information Technology,” and their successors. Available at http://www.dtic.mil/

  • Must have strong critical thinking/analytical skills, creativity, a proven drive for quality, and excellent oral and written communication skills.

  • Must have strong technical writing skills.

Additional Information

We offer a competitive benefits package to include: paid holidays, paid time off, medical, dental, vision, company-paid long- and short-term disability and life insurance, referral bonuses, certification reimbursement program, etc.

It is the policy of A3T to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations.

We maintain a drug-free workplace and perform pre-employment substance abuse testing to include background checks.

E-Verify employer.
