Job Information
Amentum Vulnerability Assessment Analyst (VAA), Advanced (Tier 3) - TS/SCI in Columbia, Maryland
We are seeking a Vulnerability Assessment Analyst (VAA) Advanced for a prime contract that is based out of a Columbia, MD office. As VAA Advanced, you will serve on a team that is responsible for the Authorization and Assessment process under the Risk Management Framework (RMF) for new and existing information systems and will be expected to contribute technically for all assigned systems going for an Authority to Operate.
The work environment is fast-paced and sometimes involves deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers. Our program includes easily available process information and support from others with similar positions across the team.
Plans, coordinates, and integrates all systems engineering tasks adhering to a disciplined systems engineering process throughout all acquisition phases of the assigned subsystem, system or system of systems and approve ATO/IATOs.
Will have the opportunity to work across multiple domains, learning new Cybersecurity tools and techniques to enhance your technical skillset. This is an opportunity to work hand-in-hand with the customer in an exciting and dynamic program.
Responsibilities:
The VAA Tier 3 will be working within a small and dynamic team to manage the technical components of authorizations of multiple systems and networks of various size and complexity. The team will be focused on ensuring ATO compliance for various classified systems.Additionally, the VAA will be performing several cybersecurity functions to support the organization to include the following:
Site Surveys and Interface Technologies
Vulnerability Assessments, Penetration Testing, and Continuous Monitoring
Risk Management Framework Services, Certification and Accreditation (RMF CA) support
Policy Refinement
Incident Response and Forensic Analysis
Compliance Review and Oversight Inspections
Cyber Security Training and Product Development
#divergent
Experience in cybersecurity within Intelligence Community and/or DoD Assessment and Authorization processes.
The VAA must have experience in the following:
Evaluating information system security architecture for functionality and efficacy.
Assessing information system threats based on government and open source data.
Teaming with Program Office IT personnel to advise, implement, and oversee the CIO’s vulnerability management program.
Developing and maintaining the following documents and providing relevant input to Authorizing Officials (AO) and/or their designee
Status of Plans of Actions and Milestones (POA&Ms)
Security Controls Traceability Matrices (SCTMs)
Risk Assessment Reports (RARs)
Information System Security Concepts of Operations (ISS CONOPs)
Security control assessment test plans
Engaging as a member of an Incident Response Team (IRT):
Managing, monitoring, and reviewing security monitoring data feeds for anomalies
Coordinating inquiries, threat analysis, containment and eradication with the Security Operations Center (SOC)
Developing after-action reports for Program Security Officer (PSO) and AO reporting.
Representing Program Office as a liaison with the software application services developers to validate the scope, objectives, and approach to cybersecurity requirements’ fulfillment.
Representing CSU as a liaison with PSOs in the assessment of government and Industry partners’ compliance with cybersecurity policy.
Applying tile Risk Management Framework as required by DoDM 5205.07 Volume 1, ICD 503, and C-NSSI 1253 to the Program Office’s information systems based on community of interest trends and mission sensitivity.
Defining, organizing, and leading delivery of cybersecurity education and training
Liaising to Community organizations for the purpose of:
Exchange of techniques, tradecraft, and practices related to the execution of a cybersecurity program
Developing community guidance on cybersecurity best practices.
Strengthening the Program Office’s standing within the cybersecurity community
Clearance Required: Active TS/SCIMinimum Education: N/AMinimum Years of Experience: Eight (8) years of related work experience
#divergent
Amentum
- Amentum Jobs