OBXtek Inc. is an established award-winning business providing information technology and professional management services to the federal government. OBXtek is a leader in its field and is committed to identifying, developing, and delivering innovative, mission-focused technical and logistical solutions to over 15 civilian and military partners in the Federal Government.
As a prime contractor for 93% of our current work, we possess a robust corporate infrastructure that provides management oversight and support for all our programs. OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO to create processes that leverage best practices and result in novel, successful solutions.
Information Assurance Security Specialist ACA (IASS ACA):
The IASSACA functions as an information system security testing subject matter expert (SME) by providing expertise in developing and implementing security testing for multiple Consular Affairs/Consular Systems and Technology (CA/CST) systems during the Annual Control Assessments (ACAs). In addition, the IASSACA tracks and reports status, and brings any obstacles that may impact the completion of the ACA to the attention of the PM of RM Team Lead in a timely manner. The IASSACA ensures that ACA packages are submitted to IA and follows up to ensure IA approval of ACAs prior to fiscal year end. The IASSACA has the following roles:
Annual Control Assessment (ACA) Engineer: The ACA Engineer is responsible for conducting and completing Annual Control Assessments for all Department of State CA Automated Information Systems (AIS) as part of continuous monitoring. This responsibility requires the engineer to complete work in a timely manner, conduct technical testing, and interview various government employees and contractors. This position requires a working knowledge of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and previous experience with the technical security testing of various types of software (e.g., MS SQL Server, Windows, Linux, Oracle, and Internet Information Server). The ACA Engineer should be familiar with Commercial-Off-The-Shelf (COTS) products used to facilitate the Assessment and Authorization (A&A) of systems. The ACA Engineer is responsible for entering all ACA results into the appropriate application and creating the Plan of Action and Milestones (POA&M) items that result from the ACA so that they are actionable with realistic dates.
Plan of Action and Milestones (POA&M) Reviewer: The POA&M Reviewer is responsible for analyzing and assisting in the remediation of all Plan of Action and Milestones (POA&M) items for all systems within the CA Bureau. This responsibility includes identifying POA&M items with the stakeholder that can be resolved and reporting items closed or opened to the POA&M Manager in a clear and concise manner. The POA&M Reviewer interacts with various teams including government, operations, and development to reduce the number of POA&M findings. The POA&M Reviewer also conducts POA&M reviews of Certification findings prior to IA submission.
The IASS ACA functions as an information system security subject matter expert (SME) on FISMA, NIST standards and guidelines, Privacy Act, HIPAA, E-Gov, OMB Circulars A-11 and A-130, and Clinger-Cohen as they apply to data and application security. The IASSACA is responsible for Assessment and Authorization (A&A) activities for Consular Affairs / Consular Systems and Technology (CA/CST) automated information systems (AIS) and provides A&A support for domestic and overseas deployed systems. In addition, the IASSACA tracks and reports status, and brings any obstacles that may impact the completion of the A&A to the attention of the A&A Task Lead and the Program Manager (PM) in a timely manner. The IASSACA ensures that A&A packages are submitted to IA and follows up to ensure IA approval of each phase of the A&A process prior to systems’ Authorized to Operate (ATO) expiration date.
Must have an Active Secret Clearance.
* A&A experience as it relates to cybersecurity, information assurance, or IT.
* Certified Authorization Professional (CAP) certification, or obtained within 90 days of hire.
Preferred: Bachelor's Degree in related field
5 years relevant experience, CISSP or other IT and security-related certifications