Analyze Certification and Accreditation (C&A) documentation to support the Navy Certification Authority in determining the overall system risk for a system going through the Navy DoD Information Assurance Certification and Accreditation Process (DIACAP).
Ensure DIACAP documentation complies with the provisions of DoD 8510.01 (DIACAP) and DoD 8500-series IA policy directives. Provide documentation security analysis and review, and summarize required information in a Certification Determination (CD) to support CA risk determination.
Provide subject matter expertise regarding DIACAP documentation and certification evidence of programs, sites, and users. Provide risk assessment critiques and evaluations relative to NIST 800-30. Understand DoDI 8500.2 IA controls and common vulnerabilities and exposures (CVE). Be able to perform Test & Evaluation procedures in accordance with DISA guidelines and perform risk assessments based on that testing.
- Must currently hold a SECRET clearance
- Minimum 5-7 years relevant work experience in the IA and C&A field. Work experience should include Risk Analysis efforts, system testing using DISA STIGs and industry automated scanning tools
- Thorough working knowledge of Navy C&A and IA guidance documents, messages, and instructions (e.g., as promulgated by DON CIO, OPNAV, DoD and NAVNETWARCOM)
- Familiar with the DoD acquisition life cycle
- Thorough working knowledge of the Information Assurance Vulnerability Management Process (IAVM) and FISMA requirements
- Broad technical knowledge of system architectures, network elements and protocols, and system software
- Strong direct technical experience in the field of information security and IA, to include hands on experience using security tools, penetration testing, and current/emerging threats in the vulnerability/exploit community
- Ability to technically analyze system vulnerabilities, related vendor patches and workarounds, and overall effectiveness of technical mitigations that may be put in place to reduce attack surfaces, threat vectors, or related impact of a given vulnerability
- Strong technical understanding of the OSI model, networking, system architecture analysis, and the ability to characterize and discuss findings at all layers of the OSI model from Physical Layer to Application Layer
- Must be able to remain in a stationary position 50% of the time
- Person in this position will need to occasionally move about inside the office to access file cabinets, office machinery, etc.
- Person will constantly operate a computer and other office productivity machinery, such as copy machines and printers
- Must be able to communicate with personnel and clients effectively
- Must be able to inspect documents on computers 50% of the time
Bachelor of Science (preferred) or higher in a technical field related to Information Assurance or Computer Science OR a BA or higher in a managerial field related to Information Technology. Certifications (must have at least one, but not all are mandatory): Security+, CISSP, CEH, etc.
Travel required: None
Founded in 2001, Sentek is a San Diego-based business as well as a Veteran Owned Small Business.
We are always seeking multiple, qualified candidates for employment opportunities in defense consulting. We are looking for someone to join our “Sentekian” team. A “Sentekian” is a person who has a unique mindset that provides solutions one step ahead of the rest. A “Sentekian” is always pushing for the best possible performance while holding themselves to the highest standards. High expectations and focused intensity are what make a Sentekian the consultant of choice.
Sentek Global is an Affirmative Action/Equal Opportunity Employer, and we are committed to hiring a diverse and talented workforce.
(CS Level 2)