About
Job Description
Responsibilities and Duties:
Perform independent validation and verification (IV&V) review of USPTO government and contractor
Certification and Accreditation (C&A) packages with the requirements identified in the Initiation Phase
(phase I), Certification Phase (phase II), Accreditation Phase (phase III), and Continuous Monitoring
phase in accordance with overall NIST C&A Guidance issued in NIST SP 800-37, NIST SP 800-18 for
developing System Security Plans, the NIACAP, and the DITSCAP.
Conduct Quantitative Review of USPTO government and contractor Certification and Accreditation
(C&A) Packages to ensure that they comply with the USPTO C&A Checklist and other applicable
standards and guidance from a standardization and consistency standpoint. The review for each C&A
package will include the System Security Plan with all appendixes/attachments, the Security Assessment
Report with all appendixes/attachments, the Plans of Actions and Milestones (POA&M), the certification
statement, the accreditation statement, and other supporting security-related documentation in either
soft or hard copy. Each C&A package will be reviewed in accordance with the review criteria and the
results for each C&A package review will be documented utilizing the approved checklist.
Information Assurance/Security Specialist
(a) Determines enterprise information assurance and security standards.
(b) Develops and implements information assurance/security standards and procedures.
(c) Coordinates, develops, and evaluates security programs for an organization. Recommends
information assurance/security solutions to support customers' requirements.
(d) Identifies, reports, and resolves security violations.
(e) Establishes and satisfies information assurance and security requirements based upon the analysis of
user, policy, regulatory, and resource demands.
(f) Supports customers at the highest levels in the development and implementation of doctrine and
policies.
(g) Applies know-how to government and commercial common user systems, as well as to dedicated
special purpose systems requiring specialized security features and procedures.
(h) Performs analysis, design, and development of security features for system architectures.
(i) Analyzes and defines security requirements for computer systems which may include mainframes,
workstations, and personal computers.
(j) Designs, develops, engineers, and implements solutions that meet security requirements.
(k) Provides integration and implementation of the computer system security solution.
(l) Analyzes general information assurance-related technical problems and provides basic engineering
and technical support in solving these problems.
(m) Performs vulnerability/risk analyses of computer systems and applications during all phases of the
system development life cycle.
(n) Ensures that all information systems are functional and secure.
Education:
Skills/Experience/Certifications Required:
5 years' experience in independent validation and verification (IV&V) of Certification and Accreditation
(C&A) packages
Skills/Experience/Certifications Preferred:
* BS/MS in IT or related field
* ISC2 CAP (Certified Authorization Professional)
* CISSP
* Security+
Citizenship Requirements:
Citizenship not required
Security Clearance Level:
Eligible for Moderate Background Investigation (MBI)