Defense Health Agency (DHA) Cybersecurity Assessment and Authorization Support
The Defense Health Agency (DHA) is a joint, integrated Combat Support Agency that enables the U.S Army, U.S Navy, and U.S Air Force medical services to provide a medically ready force and ready medical force to Combatant Commands. The DHA supports the delivery of integrated, affordable, and high-quality health services to Military Health System (MHS) beneficiaries and is responsible for driving greater integration of clinical and business processes across the MHS.
The DHA Cybersecurity Assessment and Authorization Support task will assist in the project execution of Combat Support and Information Assurance (IA) services at locations throughout the Continental US (CONUS) and Outside the Continental US (OCONUS) areas. This includes support to all DOD Military Health Services sites, which vary in size from 1500 to over 60,000 server and workstation assets, and support as many 430 Programs of Record Systems as determined by the sponsor of varying size, architecture and operating systems.
- Provide subject matter expertise to develop and review plan to assess the security controls.
- Assess the security controls in accordance with the assessment procedures defined in the DHA security assessment plan.
- Prepare the security assessment report documenting the issues, findings, and recommendations from the security control assessment
- Conduct initial remediation actions on security controls based on the findings and recommendations of the security assessment report and reassess remediated control(s), as appropriate
- Assess a selected subset of the technical, management, and operational security controls employed within and inherited by information systems in accordance with the organization defined monitoring strategy.
- Provide assistance to system owner, enclave, or site personnel to complete required RMF documentation, addressing Independent Validation and Verification (IV&V) results and assisting enclave personnel in preparing all types of RMF Authorization for review by the Validator, Security Control Assessor (Representative)(SCA(R)), or the Authorizing Official (AO).
- Review Security Design documentation to ensure comprehensive security requirements and compliance with DoD and Federal requirements and guidelines
- Review and provide input on physical, application and networking security policies procedures and practicesEducation:
- BS degree in Engineering, Physics, Network Security, Information Systems or Computer Science
- Six (6) years of experience in Engineering, Systems Analysis, Medical Systems, Information Assurance, Web Development, or Engineering Management to include: Systems Analysis, Systems Architecture, Systems/Equipment Support, Test and Evaluation, and Logistics support of C4ISR requirements.
- Three (3) years of technical experience in support of information assurance/network protection or virtualization projects. Note: Experience may be concurrent.
- Advanced degrees substitute for experience as follows: Ph.D. -“ five (5) years of experience; MS -“ two (2) years of experience
- Active Secret Clearance
- IAT/IAM Accreditation within 6 months of assignment as well as Security+ Certification