Authorizing Official/Designating Representative (A&A)

CENTERPOINT

St. Louis, MO
Full Time
Paid
  • Responsibilities

    CUSTOMER: Intel Client

    CENTERPOINT is seeking a motivated and customer-oriented cybersecurity professional to support our IC client. The candidate will support the client in the execution of Risk Management Framework (RMF) based Assessment & Authorization (A&A) activities. Specifically, the candidate will support the RMF process as a Designated Authorization Official Representative (DAOR) and will provide subject matter expertise on cyber risk management, both technical and non-technical, involving the identification and prioritization of security risks throughout the System Development Lifecycle (SDLC). In addition, the candidate will develop and document risk assessment results and recommendations using identified threats, applicable vulnerabilities, and likelihood of occurrence within the context of client risk tolerances.

    DUTIES:

    • Categorize Information Systems: The candidate shall coordinate with the ISO to categorize Information Systems. The candidate shall identify the potential impact (low, moderate, or high) resulting from the loss of Confidentiality-Integrity-Availability (C-I-A) if a security breach occurs.
    • Select Security Controls: The candidate shall select appropriate security controls to protect an Information System and properly manage mission, business, and system risks, enterprise-wide.
    • Implement Security Controls: The candidate shall assist ISOs in implementing common, hybrid, and system-specific security controls.
    • Authorize Information Systems

    REQUIRED EXPERIENCE: 5+ years of experience performing RMF support in the DoD

    DESIRED SKILLS:

    • Experience with RMF, CNSSI 1253, NIST SP 800-53, ICD 503
    • Experience reviewing Security Technical Implementation Guides (STIGs) and ACAS scans
    • Experience using the Telos XACTA tool and/or the eMASS tool
    • Applies knowledge of Information Assurance Vulnerability Alerts (IAVAs)
    • Applies experience with compliance and vulnerability scanning tools (Nessus, McAfee ePO)
    • Conducts comprehensive risk assessments levied against a system and documents the results, including recommendations for Authority to Operate (ATO)
    • Experience developing Risk Assessment Report (RAR)
    • Ability to conduct comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the system
    • Performs security risk assessments on cloud-based systems (i.e., AWS)
    • Verifies closure of liens and updates POA&Ms, as applicable

    CERTIFICATION REQUIREMENTS:

    • IAM Level III (CISSP, CISM, or GSLC)

    EDUCATION REQUIREMENTS: B.S. or equivalent relevant experience

    CLEARANCE REQUIREMENT: Active TS/SCI