Liberty Alliance · 5 hours ago
Information Security Analyst (ATO)
Defense and Space Manufacturing
No H1B, U.S. Citizen Only, Security Clearance Required
Responsibilities
Assemble the security authorization package, consisting of the updated security plan, the security assessment report (SAR), and the plan of action and milestones (POA&M). The security authorization package must also contain, or provide links to, the appropriate documentation for any security controls that are being satisfied through inheritance (e.g., security authorization packages, contract documents, memorandums of agreement (MOAs), and service level agreements (SLAs)). The security authorization package is submitted to the Authorizing Official (AO), via the Authorizing Official Designated Representative (AODR) if appropriate, for review and final acceptance.
Support implementation of the risk management framework (RMF).
Maintain awareness of service-level changes to internal Authority to Operate processes in order to facilitate reciprocity of the Information System (IS) across the department.
Identify the security requirements provided by the organization as common requirements for organizational IS and document the requirements in the AO Determination Brief.
Document the AO Determination Brief and Continuous Monitoring Strategy.
Document the implementation as appropriate in the System Security Plan (SSP) and AO Determination Brief, providing a functional description of the implementation.
Conduct initial remedial actions based on findings and reassess remediated risk(s) as appropriate.
Prepare the Plan of Action and Milestones (POA&M) based on the findings and recommendations from the SAR, including any remediation actions taken.
Assemble and submit the Security Authorization Package (SAP) to the Cyber Risk Assessor (CRA). References are not part of the Security Authorization Package but must be documented and made available.
Assess a selected subset of security requirements employed within and inherited by the IS in accordance with the organization-defined monitoring strategy.
Conduct remediation actions based on the results of ongoing monitoring activities, assessment of risk, and outstanding items in the POA&M.
Update AO Determination Brief, SAR, and POA&M based on the results of the continuous monitoring process.
Report the security status of the IS (including the effectiveness of security requirements employed within and inherited by the IS) to the AO and other appropriate organizational officials on an ongoing basis and in accordance with the continuous monitoring strategy.
Perform continuous monitoring and maintenance of ATOs.
Qualification
Required
Must be a US Citizen.
You will be required to obtain and maintain an interim Secret and/or final TS security clearance prior to entrance on duty. Failure to obtain and maintain the required level of clearance may result in the withdrawal of a job offer or removal.
This position is designated as a Cyber IT/Cybersecurity Workforce position. You must obtain and maintain IAM III level credentials within 6 months of appointment.
Previous experience with DoD ATO process using eMASS or similar.
Minimum 5 years of experience in information security or technology.
Travel 10%.
Place of performance: Mountain View, CA; National Capital Region, or other DIU location as directed by DIU.