Information Assurance Analyst Level IV

Kalman & Company is seeking to hire an Information Assurance Analyst Level IV working onsite at Fort Detrick, MD.

Primary Responsibilities:

1. The contractor shall examine JPM CBRN Medical programs and system characteristics to determine whether compliance with Department of Defense Instruction (DODI) 8500.01 is recommended or required and will develop an acquisition Cybersecurity Strategy when required.

2. The contractor shall ensure that each JPM CBRN Medical program, when required, has a Cybersecurity Strategy that is consistent with DOD policies, standards, and architectures, to include relevant standards.

3. The contractor shall assist in the identification of Critical Program Information (CPI) in terms of their importance to the program being developed.

4. The contractor shall assist in the identification of foreign collection threats to the program, identify elements that require classification, and determine the phases at which such classification should occur and the duration of such controls.

5. The contractor shall provide support for Development Test (DT), User Demonstration (UD), User Feedback Event (UFE), Operational Assessment (OA), and Operational Test (OT) events and address each CPI as well as other relevant information requiring protection, including export controlled information and sensitive buy unclassified information.

6. The contractor shall manage the Host-Based Security System (HBSS) and install, configure, and maintain computer and network security software, including instances of the Assured Compliance Assessment Solution (ACAS), the Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) Viewer, and other cybersecurity software test and scanning software applications.

7. The contractor shall document programs' overall cybersecurity approach and requirements, including determining the appropriate Certification and Accreditation (C&A) process, contributing content for Life Cycle Management Plans (LCMPs), assisting programs in the creation of a Security Classification Guide (SCG), and assisting in the development of Program Protection Plans (PPPs) Appendix E, the Cybersecurity Strategy.

8. The contractor shall manage information-related risks in enterprise architectures, acquisition strategies, and testing and evaluation, and work to achieve cybersecurity C&A.

9. The contractor shall ensure fielded information systems and networks are defended to maintain confidentiality, integrity, availability, authentication, and non-repudiation by identifying, developing, and applying risk management framework technical-, operational-, and management[1]related security controls and protection mechanisms.

10. The contractor shall guide JPM CBRN Medical programs in the development of Acquisition Cybersecurity Strategy.

11. The contractor shall assist in the identification of Critical Technology and address CPI as well as other relevant information requiring protection, including export-controlled information and sensitive but unclassified information.

12. The contractor shall directly interface with JPM CBRN Medical in discussions concerning cybersecurity, including (but not limited to) topics which address use of the DISA STIG in the software application and system development process, use of the DISA Enterprise Mission Assurance Support Service (eMASS) tool to document program progress during the C&A process, and the Risk Management Framework and its critical alignment with a program's System Development Life Cycle (or Software Development Life Cycle, as appropriate.)

13. The contractor shall work in conjunction with JPM CBRN Medical to facilitate risk management framework activities.

14. The contractor may be required to travel up to 20% Continental United States (CONUS) and less than 10% Outside Continental United States (OCONUS).

The salary range for this position is $90K/year-$105K/year and is used as a general guideline only and is not a guarantee of compensation. Kalman considers factors such as, but not limited to, position responsibilities, education, work experience, knowledge, training, skills, and business considerations when extending an offer.

Minimum Requirements:

• US citizenship is required.
• An Active Secret Clearance is required.
• The contractor shall have or be able to obtain the appropriate Risk Management Framework (RMF)
• Training within the first six months of employment at no cost to the government.
• The contractor shall have an active security-related certification, Certified Authorization Professional (CAP), Certified Information Systems Security Professional (CISSP), or Security+) or will obtain the certification within the first year of employment at no cost to the Government. The contractor should take the International Information Systems Security Certification Consortium (ISC) 2 TM Certified Authorization Professional (CAP) Certification Prep Self Study (11 hours) during on-boarding at no cost to the Government.
• The contractor shall possess seven (7) years of experience providing information technology support services, including information assurance.
• The contractor shall possess organizational skills. In addition, the contractor shall possess senior-level interpersonal and communication skills, both oral and written. The contractor shall have proficiency with the Microsoft Office Suite.

Preferred:

• Familiarity with Joint Program Executive Office for Chemical, Biological, Radiological and Nuclear Defense (JPEO-CBRND) programs is desired.