Cyber Assessment & Authorization (A&A) Engineer
Primary responsibility is to perform tasks related to Assessment & Authorization (A&A) within the Defense Health Agency to ensure assigned DoD systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications. Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs. This position will be a part of a team developing recommended courses of action needed to transition current policies and procedures to the Risk Management Framework (RMF) approved processes. Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the continuation of specialized theories and knowledge. Serve as Subject Matter Expert (SME) on one or more technologies.
BS degree and fifteen (15) years of experience with Information Technology/Information Assurance or eighteen (18) years of hands-on experience with Information Technology/Information Assurance.
Must possess a CompTIA Security + to start work
OS Certification/Approved Training completed within 180 days of hire
Clearance: Active Secret clearance
Skills considered as a good plus
Experience with RMF in DHA a plus
Experience with Accreditation package management in eMASS a plus
Excellent customer service and organization skills
Excellent oral and written communication skills
Risk Management Framework
NIST 800 series policies & Guidance
NIST Federal Information Processing Standards (FIPS)
Department of Defense Instructions (DoDI)
Security Technical Implementation Guides (STIGs)