- Leads the sustainment of network/information system security through testing, analysis, and application of policy and controls.
- Obtains certification and accreditation of systems, to include process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits.
- Observes, evaluates, and documents IS security certification testing.
- Reviews and evaluates System Security Plans (SSPs), System Security Authorization Agreements (SSAAs), systems and networks diagrams, Security Requirements Traceability Matrices (SRTMs), risk assessments, and associated IS Certification and Accreditation (C&A) documents.
- May perform security incident evidence gathering and evaluations.- May performs incident remediation.
- May perform incident activity review and analysis.
- Supports application of Security Technical Implementation Guides (STIGs) to information systems.
- Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and may make recommendations on process tailoring.
- May serve as Information System Security Officer (ISSO) or Information System Security Manager (ISSM).
- Complies with all Executive Director approved MERC-wide policies and procedures.
- Adheres to approved MERC MSP quality management policies and principles, and promotes an attitude of commitment to continuous quality improvement.
- Ensures thorough familiarity and awareness of all MERC core capabilities and with the MERC current and potential customer base.
- During all business-related activities, particularly during customer contacts, remains alert for any problem or opportunity that might lead to additional business for any MERC core business area.
- Whenever possible, uses any available opportunity to promote MERC capabilities and interests to customers and potential customers.
- Submits suggestions for new business opportunities or report identified customer problems or opportunities to the Director of Acquisition Strategy through a Chief Engineer.
- Supports Technical Interchange Meetings with customers.
- May mentor lower level employees.