Job Title: C&A SME
Job Code: TMR-306
Date Posted: 28-May-2010
Description of Duties
JOB SUMMARY
The C&A SME will ensure that the defined security solution is effective and meets all security requirements. Responsible for ensuring that new Information Systems (IS) are designed and developed with appropriate security features and safeguards as outlined in policy.
• Provide support for upgrades, ensuring that the system enhancements will provide equal or improved effectiveness of the already existing security features and are consistent with policy.
• Assist the COTR in the security evaluation of the system; evaluating the adequacy of the Threat Description and the adequacy of Security Policy; and ensuring that applicable certification test and evaluation plans are developed.
• Validate security documentation (e.g., SSP, SRTM, CP).
• Support the implementation of the approved remediation actions that were recommended and identified during the C&A process.
• Review the minimum security checklist (SRTM).
• Assist in the determination of the system level of certification and the determination of which security requirements should be levied against the system.
• Review certification documentation such as test and evaluation plans (as applicable).
• Produce certification results and documents on the extent to which all information systems processing, storing, or transmitting information meet security requirements in accordance with appropriate policies.
• Manage certification testing and make recommendations.
• Conduct system security risk analysis to determine the appropriate security requirements.
• Ensure that the system design meets a specified set of security requirements and that it includes the implementation of adequate audit capability for all security-related activities.
• Audit capability for each system is defined by the Accreditor of the system.
• Review and validate that all certification requirements have been implemented.
• Coordinate security-relevant certification issues with the DAA Representative and the COTR.
REQUIRED SKILL SET
• Ability to develop the System Test and Evaluation (ST&E) plan to include the identification of system boundaries, the system requirements, test objectives, testing methods, the test scenario, the test procedures, and the expected results.
• Ability to conduct the C&A testing, following security requirements of applicable policies and directives.
• Expertise with Federal information security requirements, standards, and guidelines such as Federal Information Security Management Act (FISMA), National Institute of Standards and Technology (NIST) publications and Federal Information Processing Standard (FIPS). Security and other technology certifications essential.
DESIRABLE SKILLS
Certification and Accreditation Professional (CAP) is desirable.
EDUCATION AND YEARS OF EXPERIENCE
• Bachelor’s degree or equivalent (equivalent is 2 years experience per year of college)
• 5 years of related experience focusing on IT security and Information Assurance for federal government or military systems