Peraton is seeking an Information Assurance & Security Systems Specialist who will provide technical and programmatic information assurance services to internal and external customers in support of network and information security systems. In this role, you will design, develop, and implement security requirements within the organization’s business processes.
This position is based out of Melbourne, FL and will require the applicant to be within a commutable distance to provide on-site support.
Additional responsibilities include:
- Comply with the ISSM Roles and Responsibilities as laid out in DAAPM 2.2, JSIG Rev 4, ICD-503, and other applicable documentation.
- Maintain the Security Authorization or Assessment and Accreditation (A&A) of their assigned system(s).
- Track and coordinate with the Regional Information Assurance Director and the Peraton Information Assurance Director the Security Authorization of their assigned system(s).
- Deliver all required documentation using the current customer approved templates, forms, regulations, and methods.
- Continuously update all Security Authorization documentation as required by the customer and in accordance with applicable Risk Management Framework (RMF) packages.
- Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.
- Maintain all required documentation for their assigned system’s Authority To Operate (ATO) or information system go live dates.
- Document all relevant governing authority Security Controls and/or applicable departmental policies for each information system the ISSM is responsible for.
- Draft Security/RMF Packages and perform any modifications throughout the lifecycle of the information system.
- Work closely with the key stakeholders to identify any additional controls that are applicable to the system(s) to maintain a favorable security posture.
- Perform an annual self-inspection and inventory in accordance with applicable governing authority.
- Provide oversight and advisement on all proposed change requests on the accredited Information System(s) as they pertain to the potential change to the existing Controls Assessment.
- Evaluate and provide advisement on all account access requests to information systems.
- Ensure all software is tested and approved prior to introduction to the production environment.
- Track the deployment of software to the environment.
- Manage and monitor all vulnerabilities with their assigned information systems.
- Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each accredited Information System. Proper documentation shall be filed and updated as required.
- Manage all applicable POA&Ms throughout the lifecycle of the information system. This includes but is not limited to the drafting of well documented waivers and exceptions detailing the potential risk to the Authorizing Official.
- Support the Incident Response Team in the remediation, documentation, and reporting of all incidents for the accredited system(s) under their purview.
- Perform a Weekly audit (review of logs) for each accredited information system.
- Participate in project discussions in support of the key stakeholders.
- Provide, track, and report security requirements throughout the system life cycle of all information systems that are within the accreditation boundary.
- Work closely with Office of the Chief Information Security Officer (CISO) and the Information Assurance Director (IAD) to provide guidance and oversight for all requested initiatives.
- Provide timely and detailed responses to all data calls.
- Provide oversight and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc. for each information system.
- Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each Information System.