DoD ICAM ISSO / IA Analyst III
DC/MD/VA

Tiber Creek Consulting Inc. is looking for an experienced Cybersecurity Engineer / Information Systems Security Officer in the VA/DC/MD area, working DoD ICAM - Identity, Credential, and Access Management and/or DISA Identity and Access Management (IDAM). The IAM II certified ISSO will participate in risk assessments and design security countermeasures to mitigate identified risks during the Assessment and Authorization (A&A) process, and design, develop, implement, and integrate information assurance architecture, system, or system components for use within data center, network, and enclave environments. The candidate will review and assess threats to the environment and provide input on the adequacy of security designs and architectures based on globally recognized Security Framework / Information Security Management System (NIST SP 800-53, ISO27001, HIPAA, SOX, PCI), as well as DoD and DISA regulations and guidance. The ISSO will ensure the programs retain their Authority-To-Operate (ATO) and submit all applicable Risk Management Framework (RMF) packages in the Enterprise Mission Assurance Support Service (eMASS) system. The candidate MUST have a strong background in RMF and a thorough understanding of the information assurance control families, be able to quickly identify the need for and develop detailed Plans of Actions & Milestones (POA&Ms), and have a strong command of the required documentation to support a long-term Authority-to-Operate.


Apply To: https://tibercreek.com/careers/apply/
Location: Ft. Meade MD and remote from VA/DC/MD.
Job Type: Full Time
Education: Bachelor's degree in related field.
Certifications: IAM level II (CAP, CASP+, CE, CISM, CISSP (or Associate), GSLC, CCISO) required.
Experience: 8+ years’ related work experience including 5+ years working as an ISSO.
Clearance: Current DoD Secret clearance required.
Related Experience Should Include:
  • Working ICAM - Identity, Credential, and Access Management and/or DISA Identity and Access Management (IDAM) for a DoD entity.
  • Extensive understanding and/or experience working with eMASS, POA&Ms, IA control families.
  • Working ICAM for a DoD entity, preferably Army.
  • Five (5) years of Information Security experience
  • Four (4) years independently performing System Assessment & Authorization in accordance with NIST guidelines.
  • Retaining ATO including submitting all applicable RMF packages in eMASS.
  • Developing and updating Plans of Actions and Milestones (POA&Ms) and overseeing efforts to rectify issues found as a result of security vulnerabilities and security controls analysis.
  • Experience with Control Families.
  • A&A audit experience.
  • Presenting findings, current status and way ahead for completing ATO submissions.
  • Performing the full cycle of system Assessment & Accreditation (A&A) activities.
  • Excellent working knowledge of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
  • Solid technical background with strong understanding of network architectures and communications, operating systems, web platforms, and databases.
  • Experience developing and maintaining system security documentation, including but not limited to System Security Plans, Security Assessment Reports, Contingency Plans, and Interconnection Security Agreements.
  • Experience with iAssure Templates.
  • Converting older DIACAP to RMF via iAssure Templates.
  • Experience with registering system ports/protocols/services in the PPSM database.
Job Duties:
  • Support the DoD ICAM Information Systems Security Manager (ISSM).
  • Develop, maintain and submit Risk Management Framework (RMF) security documentation packages for the purpose of obtaining Authorization-to-Operate (ATO) and Authorization-to-Connect (ATC) certifications, as required by the government.
  • Prepare Change Requests for changes to the system which require Authorization Official (AO) approval.
  • Provide weekly, bi-weekly, and monthly status reports, containing status and performance metrics for each ATO package under the contract.
  • Assess Plan of Action and Milestones (POA&M) individual corrective action implementation for demonstration that security controls have been implemented correctly and effectively, validating corrective action and/or mitigating factors.
  • Review Security Technical Implementation Guides and Secure Readiness Guides (STIG/SRGs) and Assured Compliance Assessment Solution and Continuous Monitoring and Risk Scoring (ACAS/CMRS) scan reports and work with proper team members to create POA&M’s for open findings.
  • Establish, maintain, collect, and update annually, the RMF Standard Operating Procedures (SOPs) and Tactics, Techniques and Procedures (TTPs), and corresponding artifacts.
  • Support the CONOPS Knowledge Management Data Repository and briefing slide decks.
  • Lead weekly meetings to review outstanding action items, develop a plan for addressing ATO findings and obtain approval for any potential changes to the organization’s IA baseline.
  • Register system ports/protocols/services in the PPSM database.
  • Maintain the system’s official DoD Information Technology (IT) Portfolio Repository (DITPR) record.
  • Other duties as required to obtain and maintain Accreditation for multiple ATO’s.
Minimum Qualifiers:
  • Current DoD Secret clearance.
  • Candidates must be local to DC/MD/VA.
  • Unable to work with 3rd party candidates or agencies.
