- Assists with the sustainment of network/information system security through testing, analysis, and application of policy and controls.
- Assists with obtaining certification and accreditation of systems, to include process support, analysis support, coordination support, security certification test support, security documentation support, investigations, software research, hardware introduction and release, emerging technology research inspections, and periodic audits.
- Observes, evaluates, and documents IS security certification testing.
- Reviews and evaluates System Security Plans (SSPs), System Security Authorization Agreements (SSAAs), system and network diagrams, Security Requirements Traceability Matrices (SRTMs), risk assessments, and associated IS Certification and Accreditation (C&A) documents.
- May perform security incident evidence gathering and evaluations.
- May perform incident remediation.
- May perform incident activity review and analysis.
- Supports application of Security Technical Implementation Guides (STIGs) to information systems.
- Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and may make recommendations on process tailoring.
- May serve as Information System Security Officer (ISSO) or Information System Security Manager (ISSM).
- Complies with all Executive Director-approved MERC-wide policies and procedures.
- Participates in Technical Interchange Meetings with customers.