Description

VAE, Inc. is a full service IT Infrastructure Solutions Company focused on building, securing and supporting our clients' mission critical enterprises. We provide a distinctive array of design, integration and implementation services as well as fully managed service offerings. VAE is at the forefront of leveraging multi-tenant capable technologies and shared IT services to create secure, reliable and cost-effective end-to-end services and solutions. We deliver exceptional infrastructure solutions with extremely talented employees using a client-focused partnering approach.

The Senior Assessment and Authorization Specialist will support DISA's sensing capabilities through the full Risk Management Framework process. This includes supporting system accreditation, maintaining Authority to Operate status, performing compliance scans, sustaining accredited baselines, and ensuring all systems remain fully compliant with DoD cybersecurity policies..

ESSENTIAL FUNCTIONS/RESPONSIBILITIES:

• Develop, update, and maintain RMF documentation including System Security Plans, Security Assessment Reports, and Plans of Action and Milestones.
• Support achieving and maintaining Authority to Operate status for the life of the contract.
• Review Government findings monthly, identify mitigations, and submit remediation reports.
• Ensure compliance with all applicable STIGs, SRGs, and IAVA requirements for hardware, firmware, and software.
• Conduct weekly and monthly system compliance scans using approved tools and upload results to DISA reporting systems.
• Remediate STIG and IAVA findings and apply patches, updates, and workarounds in accordance with published IAVA notices and directives.
• Maintain DISA CIO accredited baseline configurations for sensing systems in lab and production environments.
• Ensure deployed systems remain consistent with the authorized baseline unless deviation approval is obtained.
• Update baseline systems monthly with required patches, fixes, and configuration updates.
• Ensure all hardware is labeled with classification level, inventory control number, hardware identification, and that cables are labeled for identification.
• Follow standard rack elevations, wiring diagrams, and configuration guidance as directed by the sensing Program Manager.
• Support continuity of operations, configuration management, operational sustainment, and system evolution activities.
• Maintain documentation related to configuration control, security compliance, inventory, and assessments.

• Active Secret clearance required
• Bachelor's Degree in Cybersecurity, Information Technology, Computer Science, or related field; equivalent experience considered.
• Minimum three (3) to seven (7) years of experience supporting RMF, cybersecurity compliance, information assurance, or A&A activities.
• Experience developing RMF artifacts including System Security Plans, Security Assessment Reports, and POA&Ms.
• Experience working with DISA STIGs, IAVA processes, ACAS, Nessus, SCC, and DISA security compliance systems.
• Experience managing system baseline configurations and maintaining accredited configurations.
• Knowledge of DoD cybersecurity policies including DoDD 8500.1 and DoDI 8510.01.
• DoD 8570 IAT II or IAM I certification required (Security+, CySA+, CISM, CASP, CISSP or equivalent).
• Strong understanding of vulnerability management principles and security control implementation.
• Ability to work both independently and collaboratively in a fast paced, mission focused environment.
• Strong written and verbal communication skills with experience supporting cross functional teams.

VAE, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.

PI281142648