As a member of the Agent of the Certification Authority (ACA) team, the Technical Validator will have experience in planning, analyzing, documenting, and reporting activities associated with the system security assessment and authorization (A&A) process. The Technical Validator will travel to assess systems using the DoD Risk Management Framework (RMF) and the ICD 503 Directive.
- Performing comprehensive security assessments
- Analyzing network and IA systems in unclassified and classified environments for compliance with DoD and US Army (AR 25-2) security configuration requirements and industry best practices
- Reviewing documentation, including policies and procedures, system and network diagrams, descriptions, SOPs, and previous assessment and authorization documents; compiling and generating deliverables and findings
- Reviewing IA Controls with the customer for specific applicability and compliance
- Conducting Security Tests and Evaluation (ST&E) for Authorization or re-authorization
- Analyzing ST&E results; assessing, determining, and describing risks associated with the results
- Conducting Vulnerability and Risk Assessments; these processes may include scanning with authorized DoD tools and/or scripts (Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), Security Readiness Review (SRR) scripts, Security Content Automation Protocol (SCAP)), and understanding of DISA Security Technical Implementation Guides (STIGs)
- Thorough knowledge of DoD and Army policies, regulations, and guidelines
- 5+ years’ experience performing comprehensive security assessments using the Risk Management Framework (RMF)
- Technical background in networking, system engineering, database administration, web application or software development
- Experience analyzing Information Assurance systems in unclassified and classified environments for compliance
- Experience in planning, analyzing, documenting, and reporting activities associated with the system security accreditation and authorization (A&A) process
- Knowledge of NIST, CNSS, DoD, and Army policies, regulations, and guidelines
- Bachelor’s degree or equivalent work experience
- Minimum 8 years of working experience in Information Systems, including Information Technology/cybersecurity
- Candidate must be able to obtain, and maintain, the proper clearance required for this position
- Ability to obtain required DoD 8570 IAT/CSSP certification prior to start
- Willingness to travel internationally up to 25%
- Clearance required
- Experience with security assessments
- Experience with NIST and DoD Army policies, regulations, and guidelines
- Excellent verbal, interpersonal and written communication skills
- Strong analytical, problem-solving and decision-making capabilities
- Team player with the ability to work in a fast-paced environment
- Ability to multi-task in a fast-paced environment and to work independently
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
ICF is an equal opportunity employer that values diversity at all levels. (EOE – Minorities/Females/Protected Veterans Status/Disability Status/Sexual Orientation/Gender Identity). For more information, please read our EEO & AA policy.
Reasonable Accommodations are available for disabled veterans and applicants with disabilities in all phases of the application and employment process. To request an accommodation please email email@example.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.
Maryland Client Office (MD88)