GDIT has an opportunity for a Senior Certification and Accreditation (C&A) Analyst with Risk Management Framework (RMF) experience working with a large line of business within GDIT supporting multiple contracts for the government in the DC Metro area. We are seeking energetic, talented individuals who have a desire to help transform customer requirements supporting the mission-critical IT service delivery for the Pentagon Force Protection Agency (PFPA).
The Senior C&A Analyst will be part of the PFPA Cyber Security team and will be responsible for the expedited assessment, review, tracking, coordination, preparation and successful submission of required security approval packages in compliance with DoDI 8510.01 Risk Management Framework. Some accreditation packages have been completed and are in the maintenance phase, whereas others are being initiated for the first time.
The Senior C&A Analyst will perform the following specific tasks:
- Conduct C&A process
- Coordinate and ensure execution of full system scans
- Coordinate and validate applicable Security Technical Implementation Guides (STIGs)
- Coordinate and ensure remediation or mitigation of High and Medium vulnerabilities
- Track hundreds of vulnerabilities in POA&Ms and validate remediation of Critical and High vulnerabilities within 2-4 weeks that require systems to go offline. This activity requires close coordination with system administrators to test and apply patches to ensure the required changes do not impact system functionality.
- Validate systems remain compliant with current patches and updates
- Create waivers as appropriate that include purpose, justification, impact, system and operational risk
- Update and ensure all required supporting documentation is maintained in eMASS (documentation artifacts, controls)
- Coordinate and track requirements for new RMF packages with system owners

Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
8-10 years of related experience in system accreditation.
Must have a strong understanding of the DoD Certification and Accreditation Process and be able to execute and assist in shaping policy in line with RMF and NIST 800-53 regulations. Author documentation, and assist with engineering procedures and processes.
Be able to demonstrate experience with transitioning DoD Information Systems from the Risk Management Framework to the DIACAP process.
Will be able to evaluate different network and enclave configurations with respect to the NIST 800-53 Security Controls and formulate and execute an effective security program.
Must be able to prioritize and execute tasks and work in a collaborative team environment.
Strong writing skills to produce coherent and concise documentation required for certification evaluation.
Familiar with eMASS and able to enter Security Control test results and upload supporting artifacts.
Experience with ACAS and SCAP scans.
Meet 8570 IAT II, Security+ with CE or other DoD 8570 compliant certification.