CENTERPOINT Designated Authorizing Official Representative (DAOR) in St. Louis, Missouri
Customer: Intel Client
CENTERPOINT is seeking a motivated and customer-oriented cybersecurity professional to support our IC client. The candidate will support the client in the execution of Risk Management Framework (RMF) based Assessment & Authorization (A&A) activities. Specifically, the candidate will support the RMF process as a Designated Authorizing Official Representative (DAOR) and will provide subject matter expertise on cyber risk management, technical and non-technical, involving the identification and prioritization of security risks throughout the System Development Lifecycle (SDLC). In addition, the candidate will develop and document risk assessment results and recommendations using identified threats, applicable vulnerabilities, and likelihood of occurrence within the context of client risk tolerances.
Categorize Information Systems: The candidate shall coordinate with the ISO to categorize Information Systems. The candidate shall identify the potential impact (low, moderate, or high) resulting from the loss of Confidentiality-Integrity-Availability (C-I-A) if a security breach occurs.
Select Security Controls: The candidate shall select appropriate security controls to protect an Information System and properly manage mission, business, and system risks, enterprise-wide.
Implement Security Controls: The candidate shall assist ISOs in implementing common, hybrid, and system-specific security controls.
Authorize Information Systems
Required Experience: 5+ years of experience performing RMF support in the DoD
Experience with RMF, CNSSI 1253, NIST SP 800-53, ICD 503
Experience reviewing Security Technical Implementation Guides (STIGs) and ACAS scans
Experience utilizing the Telos XACTA tool and/or the eMASS tool
Applies knowledge of Information Assurance Vulnerability Alerts (IAVAs)
Applies experience with compliance and vulnerability scanning tools (Nessus, McAfee ePO)
Conducts comprehensive risk assessments levied against a system and documents the results, including recommendations for Authority to Operate (ATO)
Experience developing Risk Assessment Report (RAR)
Ability to conduct comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the system
Performs security risk assessments on cloud-based systems (i.e., AWS)
Verifies closure of liens and updates POA&Ms, as applicable
IAM Level III (CISSP, CISM, or GSLC)
Education Requirements: B.S. or equivalent relevant experience
Clearance Requirement: Active TS/SCI