Information Assurance Lead

Peraton is seeking an Information Assurance Lead to manage the Eastern Information Assurance Region for all classified information systems. As part of our Corporate IT Operations team, the Information Assurance Lead will have the opportunity to support multiple customers/vendors and manage several large and isolated systems. This role will be hands-on and will require someone to be local to the DC Metro with the ability to travel to locations within the area.

Responsibilities include: 

• Comply with the ISSO/ISSM roles and responsibilities as laid out in DoD8570/8100 and DHS 4300 A/B.
• Maintain the Security Authorization or Certification and Accreditation of their assigned systems.
• Track the Security Authorization of their assigned systems.
• Deliver all required documentation using the applicable governing guidance approved templates, forms, regulations, and methods.
• Continuously update all Security Authorization documentation as required by the SOP.
• Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.
• Maintain all required documentation to maintain their assigned systems Authority to Operate or system go live dates.
• Document all relevant NIST 800-53 and 4300A Security Controls and/or applicable departmental policies for each IT system in their purview.
• Draft a Security Package and perform any modifications throughout the lifecycle of the IT system.
• Work closely with the System Owner to identify any additional controls that are applicable to the system to maintain a favorable security posture.
• Perform an annual physical assessment of all General Support Systems (GSS) and Major Applications and sub-system interfaces.
• Provide oversight and advisement on all proposed change requests on an IT System as it pertains to the potential change to the existing Controls Assessment.
• Work with auditors to identify Key Controls which must be assessed on a recurring annual basis.
• Evaluate and provide advisement on all privileged access requests to IT systems.
• Ensure software targeted for introduction to the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment.
• Track the deployment of software to the environment that is not part of the base image. Ensure software installs are registered to individual users.
• Ensure software deployed in the environment is audited on a quarterly basis. Provide reports to System Owners, ISSO/ISSMs, and to O&M staff tailored with the level of detail or abstraction as appropriate.
• Perform oversight of Information System Vulnerability Management (ISVM) inquiries and ensure that the inquiries are addressed and reported within the allotted timeframe and reported via the accepted methods and formats.
• Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each managed IT System. Proper documentation shall be filed and updated as required.
• Manage all applicable POA&Ms throughout the lifecycle of the IT system. This includes but is not limited to the drafting of well documented waivers and exceptions detailing the potential risk to the Authorizing Official.
• Support the Security Incident Response team in the remediation, documentation, and reporting of all incidents for the assigned system.
• Perform a Weekly review of logs for each IT system.
• Participate in project discussions in support of the System Owner.
• Provide track and report security requirements throughout the project life cycle of all projects that are within the accreditation boundary of their assigned system.
• Work closely with Office of the Chief Information Security Officer (CISO) to provide guidance and oversight for all requested initiatives.
• Provide timely and detailed responses to all data calls.
• Provide oversight and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc. for each IT system.
• Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each IT System.
• Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system to reflect the approved state of each IT system.
• Ensure the Configuration Management Database (CMDB) is continuously updated with the appropriate operational group if it is available.

Qualifications:

• Bachelors degree and 10 years of experience, Masters and 8 years of experience, or  PhD and 5 years of experience. Significant relevant experience will be considered in lieu of degree.
• Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev3 / Rev4, working with System Owners (SO).
• Experience with the A&A process.
• Understanding of RMF compliance.
• Works well with team members.
• CISSP, CISA or equivalent certifications (DoD 8570 IAM 3 equivalent).
• System Admin or other technical background.
• Experience with Ongoing Authorizations.
• Experience with Xacta and eMASS.
• Active Top Secret clearance.

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.