Sr. Assessment and Authorization (A&A) Analyst Job

Sr. Assessment and Authorization (A&A) Analyst (Job Number:436293)
SAIC is currently seeking candidates for a Senior A&A Analyst to support a Federal Civilian agency in Vienna., VA
Job Description
- Perform assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF) on behalf of a federal civilian agency as a contractor.
- Work within a team that conducts A&A activities.
- Develop System Security Plans (SSP), Contingency Plans, Business Impact Analyses (BIA), Plan of Action and Milestones (POA&Ms), Security Assessment Report (SARs), Security Assessment Plan (SAPs), and other documentation.
- Covers all cybersecurity aspects including, but not limited to, identifying risks, validating the mitigation of plans of action, analyzing system designs, and assisting with A&A issues that may prevent a system from receiving authorization.
- Supports the implementation of RMF by developing documentation as assigned.
Responsibilities and Duties:
- Build strong relationships with clients and internal departments to understand the IT security challenges and opportunities
- Able to work with PMs to manage small to large sized projects- managing scope, schedule, resources, risks/issues, and cost
- Support the creation of A&A management best practices, tools, and ways to drive A&A completion on schedule
- Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
- Identify potential risks associated with system configurations and advise on mitigation strategies
- Lead A&A status meetings and facilitate moving systems toward a successful A&A effort
- Assist in estimating Level of Effort (LOE) involved in performing A&A activities
- Develop and implement detailed test plans and review findings from self-assessments to determine readiness for independent validation and verification (IV&V) assessment
- Assists customer program offices in interpreting and applying mitigation strategies
- Conduct IV&V assessments and analyze test results for accuracy, compliance, and adherence to Federal cybersecurity requirements
- Conduct thorough reviews of all vulnerabilities, architecture, and defense in depth strategies and report findings in a (POA&M) document
- Document residual risks and provide the cybersecurity risk analysis and mitigation determination results
- Produce risk assessment artifacts describing initial risks during system development and residual risks identified during IV&V
- Able to analyze, interpret, and apply Federal cybersecurity guidance to customer needs
- Communicate the security posture of systems through designated reporting mechanism
- Advise and mentor other team members in cybersecurity and provide initial quality assurance / peer review of RMF system packages
Clearance Required
- Must be US Citizen with the ability to obtain a Public Trust Clearance
- Note: A current DoD Clearance can not be used on this contract
- Bachelor's Degree in IT, Cyber Security, Computer Science, or related technical field preferred and 9-10+ years of experience
- CISSP Certification
- 6+ of demonstrated experience in Cybersecurity policy, procedures, and processes, including RMF and NIST 800-53 and A&A's
- Experience performing A&A's
- Understanding of NIST Special Publication including NIST SP 800-53 and other standard Understanding of FISMA, NIST RMF, and other IT Security standards
- Must have excellent oral and written communication skills across all levels and the ability to write comprehensive reports and senior level documentation skills
- Strong focus on collaboration, team building, and excellent customer service skills
- Demonstrated skills running effective meetings and getting buy-in and participation from executive leaders
- Able to quickly adapt to changing environment and deadlines to provide a consistent level of service
- Effectiveness working diplomatically across teams with varying objectives
- Microsoft Office (Word, Excel, Visio, PowerPoint, MS Project), MS SharePoint
- Well-versed in NIST publications, specifically RMF and NIST controls
- Subject Matter Expert dealing with defense-in- depth, and other information security and assurance principles and associated supporting technologies
- Must demonstrate proficiency in the following areas: multi-tasking, organizational skills; critical thinking; and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment
- Ability to work both independently and as a member of a team
- Experience working with Security engineering to review Nessus Vulnerability / Tripwire compliance scans
- Experience performing on-site cybersecurity assessments using Standards such as CIS Benchmarks, DISA STIGS, etc.
- Broad technical experience related to IT operations, networks, OS's, and system administration
SAIC Overview:SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC is Redefining Ingenuity through its deep customer and domain knowledge to enable the delivery of systems engineering and integration offerings for large, complex projects. SAICĀ s approximately 15,000 employees are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see ( My SAIC Benefits. EOE AA M/F/Vet/Disability
Job Posting: Oct 4, 2018, 2:33:16 PM
Primary Location: United States-VA-VIENNA
Clearance Level Must Currently Possess: None
Clearance Level Must Be Able to Obtain: Public Trust
Potential for Teleworking: No
Travel: None
Shift: Day Job
Schedule: Full-time

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.

More Jobs

Senior Business Analyst- Service and Change De...
Glen Allen, VA Capital one
Lead, 3rd Party Risk Analyst, Sr.
Herndon, VA Apex Systems
Strategic Communications and Behavior Change C...
Arlington, VA Booz Allen Hamilton Inc.
Automotive Finance and Insurance Manager, Auto...
Charlottesville, VA Umansky Chrysler Dodge Jeep RAM
Sr. Linux Platform Engineer with Security Clea...
Dunn Loring, VA Navstar Inc.
Senior Business Analyst, Tallahasse, FL
Vienna, VA Armedia LLC