H3O Labs is looking for an A&A Validator topPerform as a Cybersecurity Assessment and Authorization validator supporting Defense Counterintelligence and Security Agency (DCSA) at Quantico, Virginia in support of the DSS Office of the Chief Information Officer (OCIO.)
• Carries out the functionality of an A&A validator
• Meet with stakeholders regularly to assess needs and requirements; analyze IA metrics; identify trends and emerging technologies, threats, and mission requirements; and assist with producing briefings to senior leadership.
• Analyze enterprise–level IA policies and review other CIO and IT policies for compliance as required.
• Assist with improvement of DCSA vulnerability management and Assessment and Authorization (A&A) processes, including reviewing or verifying Risk Management Framework packages, such as Plans of Action and Milestones (POA&Ms); evaluating the risk posed by vulnerabilities to DCSA missions, networks, and data; and making recommendations.
• Perform A&A and program protection activities within established timelines, recommend courses of action for program managers and system owners to ensure compliance with DCSA orders and policy, and maintain an acceptable level of risk.
• Support the development of Cybersecurity education, training, and awareness for client personnel, as required.
• Conduct assessments of information systems to identify vulnerabilities, risks, and protection needs.
• Perform scans/testing on multiple platforms according to authorized A&A processes and scripts, and validate the output of those scans against defined standards.
• Identify the root cause of complex problems from an A&A perspective and provide deliverables to enable ATO acceptance.
• Generate A&A artifacts, solution concepts, and designs.
• Develop deliverables meeting DCSA requirements and security requirements outlined in DISA STIGs.
• Review and evaluate testing reports and mitigate reported vulnerabilities, assess risks, and document exceptions.
• Interface with other teams to create an overall solution to meet A&A requirements.
• Communicate security and technical specifications, guidance, and instructions clearly and effectively to IT stakeholders.
• Complete certification sustainment related training/continuing education as required to maintain certification status in accordance with the contract statement of work.
• 3+ years hands-on technical Cyber Security experience and knowledge of DISA Security Technical Information Guides (STIGs), DoD A&A Process, NIST SP 800-53 and 800-30, IA Technical Framework, and other applicable DoD Cyber Security policies and A&A processes.
• DoD 8570.01-M IAM Level I or Level II certification, but must have a Level II technical background including experience as a Systems or Network Administrator
• Proficiency in Microsoft Office Suite
• Must be able to work independently and be a self-starter
• Analytical and problem-solving skills
• Possess interpersonal skills and a collaborative management style
• Must be a U.S. Citizen with an Active Secret Clearance
• Must be able to obtain a TS/SCI Clearance
- Associates or Bachelor’s Degree in Information Technology, Information Systems Management, or Cyber Security
- Hands-on eMASS Experience
- Hands- on experience working with ACAS, SCAP, STIG
- Thorough understanding of 8570 / 8140 Compliance requirements
- Proficiency with Information Assurance (IA) Tools
**No 3rd Parties or Staffing Agencies please
Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status, political affiliation, genetic information, or any other legally protected status or characteristics.
All H3O offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held.
H3O Labs will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with H3O Labs legal duty to furnish information