Job ID: 200563
Location: COLORADO SPRINGS, CO, United States
Date Posted: Feb 12, 2020
Subcategory: Cyber Sec Analyst
Shift: Day Job
Travel: Yes, 10 % of the Time
Minimum Clearance Required: Secret
Clearance Level Must Be Able to Obtain: TS/SCI
Potential for Teleworking: No
SAIC is seeking a qualified CRA Engineer. Supporting the MDA Security Control Assessors (SCA) as the Independent Verification and Validation (IV&V) team by performing complete and thorough risk assessments for the MDA. Daily responsibilities include performing risk assessments on packages submitted from the Information System Security Manager (ISSM) in Enterprise Mission Assurance Support Service (eMASS).
These submissions include System Security Plans (SSP), Interim Authorization To Test (IATTs), Authorization to Operate (ATO), and Authorization to Connect (ATC).
The CRA Engineer evaluates data from many sources to develop a holistic assessment that enables the Authorizing Official (AO) to make an informed authorization decision. This process takes vulnerabilities associated with noncompliant RMF controls and evaluates their risk to the mission and the agency to arrive at a residual risk.
The CRA Engineer position is responsible for executing and documenting risk assessments, including interacting directly with the SCAs and the ISSMs and their Cybersecurity support staff, and supporting the AO signing.
Conducts risk and vulnerability assessment at the network, system and application level. Validates security control implementation and assesses operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Assists in the awareness and education of the required government policy (i.e., DoDI 8500 series and NIST 800 series), and makes recommendations on process tailoring.
Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff.
Work is performed without appreciable direction. Exercises considerable latitude in determining technical objectives of assignment. Completed work is reviewed from a relatively long-term perspective for desired results. Exercises judgment in selecting methods, techniques and evaluation criteria for obtaining results.
Interacts regularly with internal personnel (government and contractor staff) on significant technical matters often requiring coordination between organizations.
SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $6.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability