Senior Level Information Assurance & Security Systems Specialist

Peraton is seeking an Information Assurance & Security Systems Specialist who will provide technical and programmatic information assurance services to internal and external customers in support of network and information security systems. In this role, you will design, develop, and implement security requirements within the organization’s business processes. This position requires prior experience working with DCSA and setting up CWAN accounts (NIPR, SIPR, and JWICS).

This position is based out of Melbourne, FL and will require the applicant to be within a commutable distance to provide on-site support.

Responsibilities:

• Working with DCSA and setting up CWAN accounts (NIPR, SIPR, and JWICS).
• Comply with the ISSM Roles and Responsibilities as laid out in DAAPM 2.2, JSIG Rev 4, ICD-503, and other applicable documentation.
• Maintain the Security Authorization or Assessment and Accreditation (A&A) of their assigned system(s).
• Track and coordinate with the Regional Information Assurance Director and the Peraton Information Assurance Director the Security Authorization of their assigned system(s).
• Deliver all required documentation using the current customer approved templates, forms, regulations, and methods.
• Continuously update all Security Authorization documentation as required by the customer and in accordance with applicable Risk Management Framework (RMF) packages.
• Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.
• Maintain all required documentation for their assigned system’s Authority To Operate (ATO) or information system go live dates.
• Document all relevant governing authority Security Controls and/or applicable departmental policies for each information system the ISSM is responsible for.
• Draft Security/RMF Packages and perform any modifications throughout the lifecycle of the information system.
• Work closely with the key stakeholders to identify any additional controls that are applicable to the system(s) to maintain a favorable security posture.
• Perform an annual self-inspection and inventory in accordance with applicable governing authority.
• Provide oversight and advisement on all proposed change requests on the accredited Information System(s) as they pertain to the potential change to the existing Controls Assessment.
• Evaluate and provide advisement on all account access requests to information systems.
• Ensure all software is tested and approved prior to introduction to the production environment.
• Track the deployment of software to the environment.
• Manage and monitor all vulnerabilities with their assigned information systems.
• Generate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each accredited Information System. Proper documentation shall be filed and updated as required.
• Manage all applicable POA&Ms throughout the lifecycle of the information system. This includes but is not limited to the drafting of well documented waivers and exceptions detailing the potential risk to the Authorizing Official.
• Support the Incident Response Team in the remediation, documentation, and reporting of all incidents for the accredited system(s) under their purview.
• Perform a Weekly audit (review of logs) for each accredited information system.
• Participate in project discussions in support of the key stakeholders.
• Provide, track, and report security requirements throughout the system life cycle of all information systems that are within the accreditation boundary.
• Work closely with Office of the Chief Information Security Officer (CISO) and the Information Assurance Director (IAD) to provide guidance and oversight for all requested initiatives.
• Provide timely and detailed responses to all data calls.
• Provide oversight and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc. for each information system.
• Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each Information System.

Required Experience:

• Active TS/SCI security clearance.
• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; 12 years of related experience is allowable in lieu of degree. 
• Must have experience working with DCSA and setting up CWAN accounts (NIPR, SIPR, and JWICS).
• Experience with Authority to Operate (ATO) process, continuous monitoring, POA&Ms, Security Authorizations (SA), NIST 800-37, NIST 800-53 Rev4/ Rev5, working with System Owners (SO)
• Experience with the A&A process of various customers
• CISSP, CISA or equivalent certifications (DoD 8570 IAM 2 equivalent)
• System Admin or other technical background
• Experience with Ongoing Authorizations
• Experience with eMASS
• Experience with XACTA
• Experience with System Compliance Check and Security Technical Implementation Guidance

Preferred Qualifications:

• Prior physical security (FSO/CPSO/ACPSO) experience is a plus.
• Experience with NISS/DISS Systems
• Experience with ACAS, Nessus, and/or other vulnerability scanners
• DoD SAP experience  

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.