Assists in identification of overall security requirements for the protection of data, to ensure the implementation of appropriate information security policies, activities, and controls.
Performs the security planning, assessment, risk analysis, risk management process, security control assessments, and awareness activities for systems and networking operations.
Assists the Government to ensure that IA functions, particularly those focusing on infrastructure protection and defensive IT strategy, have been included in the development and risk management process.
Interacts with customers, IT staff, and high-level corporate and Government officers to assist in defining and achieving required risk management objectives for their organizations.
Contributes to building security architecture to NSA standards.
Assists with coordinating the integration of legacy systems and the existing IT environment for risk management.
Contributes to the acquisition/RDT&E environment and building IA into systems deployed to operational environments.
Creates and reviews security authorization documentation.
Day-to-day activities will include expertise in the following:
System security design process, defense-in-depth/breadth, engineering life cycle, information domains, cross-domain solutions, controlled interfaces, identification, authentication, and authorization, system integration, ICD 503 and (formerly NISCAP)
Risk management, intrusion detection, contingency planning, incident handling, configuration control, change management, auditing, security authorization process, principles of IA (confidentiality, integrity, non-repudiation, availability, access control), and security testing.