seeking a qualified CRA Engineer. The CRA Engineer supports the MDA Security Control Assessors (SCA) as the
Independent Verification and Validation (IV&V) team by performing complete
and thorough risk assessments for the MDA. Daily responsibilities include
performing risk assessments on packages submitted by the Information System
Security Manager (ISSM) in Enterprise Mission Assurance Support Service (eMASS).
These submissions include System Security Plans
(SSPs), Interim Authorizations to Test (IATTs), Authorizations to Operate (ATOs),
and Authorizations to Connect (ATCs).
- The CRA Engineer evaluates data from
many sources to develop a holistic assessment that enables the Authorizing
Official (AO) to make an informed authorization decision. This process
takes vulnerabilities associated with noncompliant RMF controls and evaluates
their risk to the mission and the agency to arrive at a residual risk.
- Conducts risk and vulnerability assessments at the
network, system, and application level. Validates security control
implementation and assesses operational risk mitigations along with
assisting in security awareness programs. Involved in a wide range of
security issues including architectures, firewalls, electronic data traffic,
and network access.
- Researches, evaluates and recommends new security
tools, techniques, and technologies and introduces them to the enterprise in
alignment with IT security strategy. Assists in the awareness and education of
the required government policy (i.e., DoDI 8500 series and NIST 800 series),
and makes recommendations on process tailoring.
- Performs analyses to validate established
security requirements and to recommend additional security requirements and safeguards.
Supports the formal Security Test and Evaluation (ST&E) required by each
government accrediting authority through pre-test preparations, participation
in the tests, analysis of the results, and preparation of required reports.
Periodically conducts a review of each system's audits and monitors corrective
actions until all actions are closed. May support cyber metrics development,
maintenance and reporting. May provide briefings to senior staff.
- Interacts regularly with internal personnel
(government and contractor staff) on significant technical matters often
requiring coordination between organizations.
- Bachelor's degree (or higher)
preferred, with 14 years of IT experience, including at least 5 years of
advanced cybersecurity experience
- Active Secret Clearance with
the ability to obtain a TS/SCI
- Must meet
DoDM 8570.01-M, IASAE Level II requirements
- Current CASP+CE, CISSP (or
Associate), or CSSLP certification(s).
- Active TS/SCI Clearance
- Successful candidate will
understand the Risk Management Framework (RMF) and the NIST 800-53 RMF
Security Control Catalog.
- Candidate should have
experience assessing compliance and performing risk
- Strong technical writing skills
are required for producing Risk Assessment Reports and writing assessments
that will be presented to the SCA and the AO for decision.
SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions.
We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $7.1 billion. For more information, visit saic.com. EOE AA M/F/Vet/Disability