C&A DIACAP Analyst
The Cybersecurity Analyst shall provide the following services:
Develop and maintain cybersecurity documentation to support DoD Information Assurance Certification and Accreditation Process (DIACAP), National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), and Navy Platform Information Technology (PIT) assessment and approval requirements to achieve an Authority to Operate or PIT Risk approval (PRA).
Develop and/or maintain a Plan of Action & Milestones (POA&M) of vulnerability findings for each C&A/A&A/PIT package in Navy eMASS and coordinate actions and milestones to achieve closure of each finding.
Monitor the lifecycle of the IT/PIT system to verify the implementation of ongoing vulnerability assessment & remediation efforts in accordance with the system Configuration Management Plan.
Review Key Performance Parameters (KPPs) and Key System Attributes (KSAs) of the IT/PIT system and (1) develop applicable cybersecurity test procedures, (2) execute applicable best security practices (e.g. STIGs), and (3) monitor and implement (as appropriate) policies and guidance from DoD/Navy/NAVSEA to mitigate cybersecurity risk to the system.
Collaborate with system engineers and software developers to ensure that cybersecurity controls are implemented throughout the acquisition lifecycle of the IT/PIT system and documented in eMASS during the C&A/A&A/PRA process to include security control development, implementation, execution and reporting. Additionally, the contractor should apply mitigations to security controls as applicable.
Validate the IT/PIT systems' compliance with all applicable IA Controls for an assigned DON system, including developing the appropriate test procedures if necessary, executing the test procedures and documenting the results of the security testing in eMASS.
Collaborate with system administrators to conduct compliance and vulnerability assessment of IT/PIT systems utilizing automated DoD cybersecurity tools (e.g. Assured Compliance Assessment Solution (ACAS), SCAP Computer Checker (SCC), and DISA STIG Viewer) throughout the acquisition lifecycle of the system.
Collaborate with system administrators to maintain a detailed inventory of all software components within a C&A/A&A/PRA package for systems prior to and after fielding.
TDI was founded in 2001 to pursue Cyber Security as its core competency. Since inception, TDI has led or participated in more than 100 separate information security tasks in the government and commercial areas around the world. TDI has outstanding credentials in its core capabilities of penetration testing, program management, information security, C&A, FISMA compliance, and all areas of cyber security engineering. We pursue the latest developments in information security through active lecturing at international information security conferences, publishing information security articles, and working on the cutting edge of information security development programs.
"We provide our clients the peace of mind that their business is running in a safe and secure environment. We do this by delivering high-quality, innovative information assurance and cyber security services and solutions."
"TDI will be an acknowledged global leader in information assurance and cyber security by delivering outstanding service and superior outcomes for our customers."
Employees are our primary source of strength
Employees should enjoy their work, feel part of the company, and share in its profits
Our clients deserve the top talent in Information Assurance
Total access to senior management and openness with each other is a cornerstone to our success
Our work environment promotes and rewards employee initiative
A flexible organization is always open to new ideas and solutions
Our well-managed growth preserves our culture
We have a responsibility to contribute meaningfully to the field of Information Assurance, influence its growth, and set the standard.
Dam Neck, VA
Mon, 13 Mar 2017 14:06:20 PDT