The Employee shall provide for the tasks documented in this narrative on a best effort, Level of Effort (LOE) basis with the number of FTEs listed under labor categories.
The Customer’s office provides guidance on the use of various technologies related to the Customer’s mission, to provide critical technical direction regarding infrastructure, networks, and supply chain issues. The Customer also conducts systems testing and evaluation, and delivers technical support to investigations and insider threat issues.
To accomplish this work, the Customer utilizes mission-specific systems and networks. These systems/networks need to maintain current security certifications and are recertified in accordance with established regulations.
B. Work Requirement:
The Employee shall coordinate activities to make sure that mission systems are available for use in investigations and assessments.
The Employee shall develop and prepare required artifacts for certification and accreditation submissions in accordance with regulations.
The Employee shall use the Customer’s Risk Management Framework (RMF) to successfully obtain system accreditation.
The Employee shall utilize XACTA to adhere to accepted assessment methodologies and standards.
The Employee shall interpret Nessus vulnerability scans and remediate the findings.
The Employee shall perform security analyses of network architecture and provide guidance in the development of functional requirements.
The Employee shall coordinate accreditation and certification activities with other stakeholders.
The Employee shall maintain baseline functional specifications and standards for deployed systems.
The Employee shall maintain baseline technical specifications and standards for deployed systems.
The Employee shall coordinate with stakeholders to ensure problem and issue resolution.
The Employee shall manage and update the master support schedule.
The Employee shall have the following required skills and demonstrated experience:
• Demonstrated experience understanding Risk Management Framework (RMF).
• Demonstrated experience navigating RMF processes in order to achieve Authorization to Proceed.
• Demonstrated experience with cloud information security related topics.
• Demonstrated experience with different types of virtual environments, such as VMware, OpenStack, and AWS.
• Demonstrated experience communicating complex technical concepts and project or technical information to both technical and non-technical audiences.
• Demonstrated experience with the full software development lifecycle.
• Demonstrated experience operating vulnerability assessment tools such as Nessus, WebInspect, and AppDetective, and analyzing the results produced by those tools.
• Demonstrated experience understanding the system development lifecycle.
• Demonstrated experience understanding systems development data requirements gathering.
• Demonstrated experience analyzing systems and networks for development.
• Demonstrated experience with documentation preparation for systems development.
Other demonstrated experiences which are highly desired, though not required, include:
• Demonstrated experience with forensic software utilized by Customer.
• Demonstrated experience providing information security guidance to the organization throughout the system lifecycle.
• Demonstrated experience with the Customer’s accreditation process.
• Demonstrated experience with procurement processes.
• Demonstrated experience providing recommendations in technical standards, security standards, and operational assurance.
• Demonstrated experience interfacing with vendors and third-party producers.
• Desired Certifications:
o Certified Information Systems Security Professional (CISSP) certification
C. Labor Categories:
The Employee shall provide a team comprised of the following labor categories.
Labor Category | FTE
Certification and Accreditation Certification Officer | 1
D. New or Existing work:
This is a new requirement.
E. Place of Performance
The place of performance is within the Washington Metropolitan Area (WMA).
Local travel (POV) will be on an as-needed basis within the WMA.