Position Type: Onsite Location: Arlington, VA Clearance: TS with SCI eligibility Travel: Up to 25% CONUS Responsibilities:
Develop and implement security architectures for new technology programs across the spectrum of classification, including the ability to facilitate intelligence requests to obtain state-of-the-world, rest-of-the-world, and state-of-the-art technology/capability status. In developing a new program, the PSR must be able to analyze the program objectives, to include identification of core technologies and projected end items, determine applicable national security policy, identify existing related programs.
Research and recommend long and short-term program protection strategies and tactics for new and established programs, or to address program extensions or changes in program direction.
Determine and apply appropriate security requirements (e.g. physical, information, personnel, etc.) and tasks relative to the specific technology programs to be protected. Prepare and present suggestions for improvement as appropriate.
Proactively participate in the BAA process in support of new programs, ensuring security requirements are clearly identified during BAA development. Coordinate with the DARPA PM and BAA Coordinator to ensure the PM-defined schedule includes sufficient time for execution of security processes, particularly for SAPs.
Efficiently and effectively execute the security aspects of the BAA process, including preparation and delivery of the security briefing at Industry Day, processing and tracking of PARs and facility/IT accreditation, and coordination with the CDR for secure dispatch and receipt of classified materials.
Create, submit, and disseminate DD 254s for classified efforts in various life-cycle stages, ensuring security requirements are clear and concise.
Apply subject matter expert knowledge of Executive Order 13526, the National Industrial Security Program Operating Manual (NISPOM), DoD Information Security Manuals, and DoD SAP Security Manuals.
Facilitate the creation, coordination, and annual updates to Program Security Documents (PSDs).
Create, coordinate, and maintain currency of Program Protection Implementation Plans for all assigned programs.
Identify critical and enabling technologies through the Technology Decomposition processes and create a DARPA S&T Protection Plan
Understand, leverage, and incorporate Technical Area Protection Plan (TAPP) guidance where applicable into DARPA S&T project security, classification, or S&T protection architectures.
Facilitate, assess, and coordinate DARPA performer created S&T Protection Plans supporting the larger Project S&T Protection Plan.
Provide comprehensive briefings to SID leadership on sensitive test plans involving unclassified and classified projects as directed.
Understand and be able to articulate and assess risk associated with foreign government talent programs at U.S. colleges and universities.
Facilitate the successful execution of CUI projects. Maintain SME expertise of E.O. 13556, the Information Security Oversight Office’s CUI Program, DoDI 5200.48 “CUI,” and the various applicable DFARS clauses associated with protection of CUI, the certification, assessment, or authorization of CUI information systems, and reporting requirements in the event of cybersecurity breaches. Applicable DFARS clauses include, but are not limited to:
252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting”
252.204-7019 “Notice of NIST SP 800-171 DoD Assessment Requirements”
252.204-7021 “Cybersecurity Maturity Model Certification Requirements”
Perform OPSEC analysis and provide other OPSEC support, to include identification of critical program information (CPI), collecting and analyzing threat data, developing, and coordinating program OPSEC plans.
Conduct security reviews of documents submitted for public release that involve assigned programs. Provide recommendation to the PSO as to whether CUI or classified information is present and release should be approved, the material should be released as is, or the material should be modified prior to release.
Coordinate with International Security and the DARPA International Cooperation Office, as required, to facilitate the creation and coordination of Designated Disclosure Letters and Project Agreement documentation required to support the release and sharing of specific CUI or CMI with foreign allies and participants.
Communicate effectively with other Service/Agency security staff on matters related to horizontal protection, program execution, and transition.
Develop program indoctrination briefings for assigned programs, indoctrinate newly assigned personnel, and de-brief departing personnel.
Support the creation, processing, coordination, and approval of SAPF/SCIF and Automated Information Systems (AIS) accreditations, as well as entering related information on facilities, IT systems, personnel, and contracts into appropriate information security management systems.
Plan, coordinate, execute security support for meetings. Attend program related meetings/events (e.g., preliminary design reviews, critical design reviews, and integrated product team reviews) to monitor progress and plan for upcoming program security needs.
Perform staff assistance visits at assigned performer locations, and support Contractor self-inspection programs and SAPCO Security Compliance Team inspections as needed.
Assist with properly mitigating security incidents involving assigned programs. Track inquiry/investigation progress and provide final recommendations to the PSO for closing the incident.
Plan for and execute program close-out actions, including participation in program close-out reviews at performer sites.
Communicate autonomously and effectively up, down, and across DARPA offices, as well as with performer and transition partner security, technical, and management staff.
Requirements:
Position requires expertise in the following:
Principles governing the execution of fundamental research.
Risks associated with undue foreign influence at U.S. colleges and universities.
CUI policies and their associated DFARS clauses
S&T protection planning
Creation of classification architectures
Operations Security (OPSEC)
Communications Security (COMSEC)
Sensitive test planning
Intelligence oversight requirements
Intelligence & counterintelligence threat support requirements
Secure information transmission
Secure hardware transportation
Required Education/Experience: Requires a Bachelor’s degree and ten (10) years of related DoD or IC program security experience, or an associate degree and twelve (12) years of related experience.