Senior Systems Security Analyst - Alexandria, VA
Alexandria, VA

Job Description

Responsibilities and Duties:

Perform independent validation and verification (IV&V) review of USPTO government and contractor

Certification and Accreditation (C&A) packages with the requirements identified in the Initiation Phase

(phase I), Certification Phase (phase II), Accreditation Phase (phase III), and Continuous Monitoring

phase in accordance with overall NIST C&A Guidance issued in NIST SP 800-37, NISP SP 800-18 for

developing System Security Plans, the NIACAP, and the DITSCAP.

Conduct Quantitative Review of USPTO government and contractor Certification and Accreditation

(C&A) Packages to ensure that they comply with the USPTO C&A Checklist and other applicable

standards and guidance from a standardization and consistency standpoint. The review for each C&A

package will include the System Security Plan with all appendixes/attachments, the Security Assessment

Report with all appendixes/attachments, the Plans of Actions and Milestones (POA&M), the certification

statement, the accreditation statement, and other supporting security-related documentation in either

soft or hard copy. Each C&A package will be reviewed in accordance with the review criteria and the

results for each C&A package review will be documented utilizing the approved checklist.

Information Assurance/Security Specialist

(a) Determines enterprise information assurance and security standards.

(b) Develops and implements information assurance/security standards and procedures.

(c) Coordinates, develops, and evaluates security programs for an organization. Recommends

information assurance/security solutions to support customers requirements.

(d) Identifies, reports, and resolves security violations.

(e) Establishes and satisfies information assurance and security requirements based upon the analysis of

user, policy, regulatory, and resource demands.

(f) Supports customers at the highest levels in the development and implementation of doctrine and

policies.

(g) Applies know-how to government and commercial common user systems, as well as to dedicated

special purpose systems requiring specialized security features and procedures.

(h) Performs analysis, design, and development of security features for system architectures.

(i) Analyzes and defines security requirements for computer systems which may include mainframes,

workstations, and personal computers.

(j) Designs, develops, engineers, and implements solutions that meet security requirements.

(k) Provides integration and implementation of the computer system security solution.

(l) Analyzes general information assurance-related technical problems and provides basic engineering

and technical support in solving these problems.

(m) Performs vulnerability/risk analyses of computer systems and applications during all phases of the

system development life cycle.

(n) Ensures that all information systems are functional and secure.

Education:

Skills/Experience/Certifications Required:

5 years experience in independent validation and verification (IV&V) of Certification and Accreditation

(C&A) packages

Skills/Experience/Certifications Preferred:

* BS/MS in IT or related field
* ISC2 CAP (Certified Authorization Professional)
* CISSP
* Security +

Citizenship Requirements:

Citizenship not required

Security Clearance Level:

Eligible for Moderate Background Investigation

(MBI)