Emagine IT is an information technology consulting services company that specializes in delivering technology solutions to meet the needs of clients. Our reputation reflects the high quality of the talented Emagine IT team and the consultants working for our clients. Our mission is to understand and meet the needs of both our clients and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end users, and give our clients a competitive edge, now and into the future. As business systems integrators, we will align our clients’ business processes and information systems to enable them to access the right information at the right time, empowering them to achieve their desired business results and create enterprise value.
Supports the Defense Health Agency with assessment and authorization (A&A) efforts. Conducts cybersecurity analysis in preparation for A&A. Covers technical information security aspects including, but not limited to, identifying risks, providing a mitigation plan of action, analyzing system designs, assisting with A&A issues that may be preventing a system from receiving authorization, and developing custom mitigation solutions for information system vulnerabilities.
Responsibilities and Duties
Assessment and Authorization
- Identifies key stakeholders in the A&A effort for medical systems and networks and works with them to confirm that the system documentation reflects the current security configuration of the system, in terms of hardware and software components, data flow, interconnections, and ports, protocols, and services
- Identifies potential risks associated with the configuration of the system and appropriate mitigation strategies
- Conducts status meetings and determines next steps in moving the systems toward a successful accreditation effort
- Works with the cybersecurity team to develop and implement the detailed test plan and review findings from self-assessment to determine readiness for independent assessment
- Conducts manual checks of the systems during independent testing and reports them in a plan of action and milestones (POA&M) document
- Uses the automated tools HIAT and eMASS to capture and report test results
- Assists the system owners and system SAs in interpreting and applying mitigation strategies
Independent Validation and Verification
- Conducts in-depth analysis of Independent Validation and Verification (IV&V) and functional/operational test results for accuracy, compliance, and adherence to DoD and Federal cybersecurity technical and operational security requirements
- Documents residual risks by conducting a thorough review of all the vulnerabilities, architecture, and defense in depth and provides the cybersecurity risk analysis and mitigation determination results for the Test Report
- Assists the Validator with producing the risk assessment artifacts describing residual risks identified during A&A testing
- Schedules and conducts eMASS training for DHA and Program Office personnel
- Develops/maintains agency-level cybersecurity policy and processes that implement the DoD Cybersecurity program
- Has expert knowledge of NIST publications and is able to work strategically on the transition of DIACAP to RMF
- Has knowledge of DISA STIGs/FDCC requirements, defense-in-depth, and other information security and assurance principles and associated supporting technologies
- Communicates the security posture of systems up the chain of command via CSTAR and eMASS so that accreditation decisions can be made based on a thorough understanding of the risks associated with the particular configuration of systems and networks
- Identifies strategies for improving the A&A processes and procedures to meet increasingly tight timelines and budgets
Experience with DIACAP and RMF in DHA a plus
Experience with Accreditation package management in eMASS a plus
Excellent customer service and organization skills
Excellent oral and written communication skills
Qualifications and Education
- Must have BA/BS in Information Systems Management, Computer Science or related discipline plus 8+ years of experience.
- Must have CISSP, CAP, CISA, or CISM to start work (minimum).
- Active Secret clearance
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.