This site uses cookies. To find out more, see our Cookies Policy

Project Lead/Senior Security Analyst in Washington, DC at THOR Solutions

Date Posted: 6/10/2018

Job Snapshot

Job Description

The managerial and technical complexity of the Coast Guard’s C4ISR Acquisition Project demands proactive problem identification, creative issue resolution, and overall stewardship of the program. Including continuing responsibility to protect the confidentiality, integrity, and availability of the information that is used and to ensure essential Coast Guard functions are carried out. The support staff will coordinate with and support the Configuration Management (CM)/Logistic/Test &Evaluation (T&E) and C4ISR IA team with all SAP related activities and protection of all Coast Guard C4ISR systems and information they contain.

The C4ISR SAP program consists of providing:

  • Support of the Security Authorization process
  • Assessment and Authorization support
  • Coordination and support ISSM and ISSO’s with related activities
  • Guidance on Cybersecurity(Information Assurance)/Risk Management for system security issues
  • Assistance to ISSM and ISSO’s in researching and developing SAP documents.
  • Assistance in developing SAP packages
  • Assistance in Reciprocity requests
  • Scheduling and tracking SAP related information (such as SAP packages due dates, status, and scans).
  • Assistance to ISSM and ISSO’s in tracking and developing reporting documentation for all CGCYBER and DoD CYBER Task Orders and Data Calls.  

Tasks include the following:

  • Perform system, network and application A&A-related tasks including RMF package development, IA/security controls analysis, risk assessment, contingency planning, Security Test and Evaluation (ST&E), risk mitigation analysis, and technology reviews/assessments.
  • Provide support as an Assistant Information Systems Security Officer (AISSO) to perform security authorization process services in support of CG-9335 to include the following:
  • Follow NIST 800-37 (series) Risk Management Framework Process.
  • Follow DoD 8510.01 (series) Risk Management Framework for DoD Information Technology and National Security systems.
  • Perform security authorization and re-authorization of all CG-9335 system on SBU, classified, Platform Information Technology Systems (PITS) and Navy Program of Record. The Contractor shall use the DoD/DHS/USCG guidelines for conducting information system security authorizations. In addition, the Contractor shall use current Guides to the Security Authorization Process as guidance for the USCG SAP methodology. Use the Risk Management Framework (RMF) six-step process.
  • Assist/conduct a Risk Assessment (RA) using NIST SP 800-53 Self Assessment Checklist.
  • Assist/conduct annual Self Assessment using the NIST SP 800-53 for systems accredited under the NIST SP 800-37 (series), and assist/conduct annual IA Control Review for all accredited systems.
  • Review information system (IS) architectures, operating mode, applications, data types, system boundaries, connections and other relevant information that will allow a full risk assessment
  • Assist/conduct at any time a CG system SBU or Classified systems authorization is revoked by /AO, system security posture changes, or by normal expiration of the ATO this system shall go through the re-authorization process. The re-authorization process requires that all documents are updated with system changes and an SAP/Security Control Assessment Plan is complete prior to submitting a request for an ATO to the system AO.
  • Determine the security requirements and provide a Requirements Traceability Matrix (RTM) to the COR when requested.
  • Comply with the defined SAP process.
  • Obtain, retrieve, compile, draft and prepare necessary documentation for inclusion to the SP. Ensure that all drafts go thru Quality Assurance Review prior to delivery.
  • Verify the accuracy of the SP, system architectural diagrams, and identity of the systems being accredited as SBU or Classified.
  • Perform and conduct independent Test and Evaluation to ensure that the system’s confidentiality, integrity, and availability are maintained at the standards that are in accordance with the Federal Information Processing Standards (FIPS) 199, FIPS 200 and CNSSI 1253.
  • Perform System Architectural Analysis to include review of network connections and interfaces, review system application specification and requirements, specifically those relevant to system security, and review other pertinent system development life cycle documentation.
  • Determine if Personal Identifiable Information is stored, processed, or transmitted within the general support system. If applicable, the Contractor shall conduct the USCG’s Privacy Threshold Analysis
  • Assist in the ongoing improvement of CG-9335 Cybersecurity (Information Assurance) procedures for information system security in the classified and unclassified areas.
  • Provide support for DoD/DHS/USCG inspections and audits that take place on various CG-9335 supported systems.
  • Track, review, and make recommendations on Information Assurance Vulnerability Alerts (IAVA), Information Assurance Vulnerability Bulletins (IAVB) and Technical Advisories (TA) to determine possible security vulnerabilities within the current system configuration
  • Monitor approved FISMA dashboard to ensure that all security criteria and regulatory requirements are maintained, and that changes that affect the SAP documentation are denoted.
  • Provide support during Cyber Security Inspection (CSI) and Cyber Command Readiness Inspection (CCRI) findings for inclusion in A&A remediation plans as part of RMF Step 6 (Monitor),
  • Use the Risk Management System (RMS) and approved Risk Management tools (i.e. eMASS or others) to input information or create a SAP package during the SAP process.
  • Review and process other DoD service component Authorization via established reciprocity requirements and processes
  • Assist in developing and maintaining USCG Online SAP Web Site and SAP Tracking Tool (databases).
  • Provide meeting support, including generating meeting summaries and providing briefing materials.

Job Requirements

Security Clearance Requirement:

  • An Active DoD Secret Clearance is required for this position.

Required Knowledge, Skills, and Abilities:

  • Minimum of at least seven (7) years demonstrated experience supporting a major system acquisition program’s Security Authorization process.
  • Experience managing complex projects or programs to include preparation of reports and correspondence that are technically correct; coordination and scheduling of multiple people, tasks and functions; managing funding of requirements; providing support relative to Assessment and Authorization processes and DOD/DHS Cybersecurity (Information Assurance) directives.
  • Experience with Platform Information Technology (PIT) /Industrial Control System (ICS) analysis.
  • Familiarity with DoD/DHS Cybersecurity directives, policy, instructions and orders.
  • Experience with Acquisition Life Cycle Framework.
  • Must be willing to work onsite at US Coast Guard Headquarters in Washington, DC.

Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.