Program Security Representative

AEsir International has a unique opportunity supporting one of our highly valued Government clients, Defense Advanced Research Projects Agency (DARPA). AEsir is seeking a highly motivated Professional with the skills et and experience to support of the Nation’s premier Government Agencies in protecting advanced technologies and assets against National Security threats.

Program Security Representative (PSR) Work Location (DARPA HQ) 675 North Randolph Street, Arlington, VA 22203 One block from Ballston Mall On Site or Remote On Site @ DARPA HQ in Arlington VA Travel Up to 25% - Mostly Domestic/CONUS Workplace dress attire Business Casual Core Hours 7:00 am to 4:00 pm Parking Ballston Mall (pay to park), surrounding streets (pay to park) Metro Ballston-MU Metro Station (four blocks from DARPA work location) Key Position Requires 30 day notice for resignation Clearance/Access required Top Secret with SCI eligibility
Æsir International is a SBA certified Veteran Owned Small Business that focuses on Program Security Services, Cyber Security, as well as IT and Mission support services. Æsir International was founded on the principles of providing rapidly deployable personnel and solutions with mission centrical focus and streamlined capabilities for United States Department of Defense (DoD), Department of State (DoS), Intelligence Community (IC), as well as Commercial Industry., Æsir International is closely located to our Northern Virginia and Washington, D.C. metro area customer base with headquarters in Harpers Ferry, West Virginia and Bluemont, Virginia.

The DARPA PSR is unparalleled in any other contract position in the DoD. They are not simply rote executors of standard security processes. They must analyze and create protection strategies and tactics, frequently for technologies that exist nowhere else. They are not stove-piped into a specific type of program security support (i.e., just collateral, just SAP or SCI, or just CUI). They are responsible for providing expert security support to a program portfolio that may include fundamental research, controlled unclassified, collateral, SAP, SCI, and other compartmented information categories. As they are imbedded directly into the Technical Offices as part of a DARPA PM’s team, they are the “tip of the spear” for execution of SID’s primary function, enabling the secure development of DARPA technologies.

PSRs require a bachelor’s degree and five years of related DoD or IC program security experience, or an associate degree and eight years of related experience.

The PSR requires expertise in a broad range of topics including, but not limited to:

• Principles governing the execution of fundamental research
• Risks associated with undue foreign influence at U.S. colleges and universities
• CUI policies and their associated DFARS clauses
• S&T protection planning
• Creation of classification architectures
• Operations Security (OPSEC)
• Communications Security (COMSEC)
• Sensitive test planning
• Intelligence oversight requirements
• Intelligence & counterintelligence threat support requirements
• Secure information transmission
• Secure hardware transportation

PSRs must also possess the interpersonal communications skills required to foster confidence in their knowledge and, thus, confidence in the advice and recommendations they provide to PSOs, PMs, SETAs, Technical Office leadership, and industry/government partners.
PSRs are responsible for the following functions:

1. Develop and implement security architectures for new technology programs across the spectrum of classification, including the ability to facilitate intelligence requests to obtain state-of-the-world, rest-of-the-world, and state-of-the-art technology/capability status. In developing a new program, the PSR must be able to analyze the program objectives, to include identification of core technologies and projected end items, determine applicable national security policy, identify existing related programs (as applicable) to ensure horizontal protection, and intelligently craft a proposed security classification architecture that facilitates the secure execution of the program while balancing security protection with cost and schedule impacts. Additionally, the program’s future acquisition life cycle must be considered and addressed in the security classification architecture to facilitate transition activities.
2. Research and recommend long and short-term program protection strategies and tactics for new and established programs, or to address program extensions or changes in program direction.
3. Determine and apply appropriate security requirements (e.g. physical, information, personnel, etc.) and tasks relative to the specific technology programs to be protected. Prepare and present suggestions for improvement as appropriate.
4. Proactively participate in the BAA process in support of new programs, ensuring security requirements are clearly identified during BAA development. Coordinate with the DARPA PM and BAA Coordinator to ensure the PM-defined schedule includes sufficient time for execution of security processes, particularly for SAPs.
5. Efficiently and effectively execute the security aspects of the BAA process, including preparation and delivery of the security briefing at Industry Day, processing and tracking of PARs and facility/IT accreditation, and coordination with the CDR for secure dispatch and receipt of classified materials.
6. Create DD 254s for classified efforts in various life-cycle stages, ensuring security requirements are clear and concise. Submit DD 254s for staffing within five business days of tasking. Disseminate completed DD 254s to appropriate contractors and contracting agents within two business days of receipt.
7. Apply subject matter expert knowledge of Executive Order 13526, the National Industrial Security Program Operating Manual (NISPOM), DoD Information Security Manuals, and DoD SAP Security Manuals.
8. Facilitate the creation, coordination, and annual updates to Program Security Documents (PSDs). PSDs are required at project inception and must be completed within timelines established by the DARPA Program Manager and PSO, usually not to exceed 10 business days.
9. Create, coordinate, and maintain currency of Program Protection Implementation Plans for all assigned programs. PSRs must be able to identify critical and enabling technologies through the Technology Decomposition processes and create a DARPA S&T Protection Plan within 10 business days of tasking.
10. Understand, leverage, and incorporate Technical Area Protection Plan (TAPP) guidance where applicable into DARPA S&T project security, classification, or S&T protection architectures.
11. Facilitate, assess, and coordinate DARPA performer created S&T Protection Plans supporting the larger Project S&T Protection Plan.
12. Provide comprehensive briefings to SID leadership on sensitive test plans involving unclassified and classified projects as directed.
13. Understand and be able to articulate and assess risk associated with foreign government talent programs at U.S. colleges and universities, and the conflicts of interest and conflicts of commitment that can arise from undue foreign influence to DARPA S&T projects conducted on campus.
14. Facilitate the successful execution of CUI projects. Maintain SME expertise of E.O. 13556, the Information Security Oversight Office’s CUI Program, DoDI 5200.48 “CUI,” and the various applicable DFARS clauses associated with protection of CUI, the certification, assessment, or authorization of CUI information systems, and reporting requirements in the event of cybersecurity breaches. Applicable DFARS clauses include, but are not limited to:

• 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting”
• 252.204-7019 “Notice of NIST SP 800-171 DoD Assessment Requirements”
• 252.204-7021 “Cybersecurity Maturity Model Certification Requirements”

1. Perform OPSEC analysis and provide other OPSEC support, to include identification of critical program information (CPI), collecting and analyzing threat data, developing and coordinating program OPSEC plans.
2. Conduct security reviews of documents submitted for public release that involve assigned programs. Provide recommendation to the PSO as to whether CUI or classified information is present and release should be approved, the material should be released as is, or the material should be modified prior to release.
3. Coordinate with International Security and the DARPA International Cooperation Office, as required, to facilitate the creation and coordination of Designated Disclosure Letters and Project Agreement documentation required to support the release and sharing of specific CUI or CMI with foreign allies and participants.
4. Communicate effectively with other Service/Agency security staff on matters related to horizontal protection, program execution, and transition.
5. Develop program indoctrination briefings for assigned programs, indoctrinate newly assigned personnel, and de-brief departing personnel.
6. Support the creation, processing, coordination, and approval of SAPF/SCIF and Automated Information Systems (AIS) accreditations, as well as entering related information on facilities, IT systems, personnel, and contracts into appropriate information security management systems, including:

• DARPA Information Management System (archive)
• DARPA Facility and Security Tracking System (DFASTS)
• DARPA Security Control Suite (SCS)
• Joint Access Database Environment (JADE)
• DARPA Security Classification Research Tool (DSCRT)
• DARPA Security Management Database (DSMD)
• DISS (old JPAS)
• NSS (automated 254)

1. Develop, review, coordinate, and execute security documentation, including:

• Security Classification Guides (SCGs)
• Program Protection Plans
• Test Security Plans
• Public Affairs (PA) / Perception Management Plans
• Exposure Contingency Plans (ECP)
• Network Accreditation Plans
• System Security Plans
• Technology Transfer and Program Transition Plans
• Standard Operating Procedures (SOPs)
• Co-Utilization Agreements (CUA)
• OCONUS Deployment Plans
• Managed Access Plans
• Treaty Compliance Plans
• Transportation Plans
• Dismantle, Disposition & Demilitarization Plans
• Trip & meeting reports
• Memorandum of Understanding (MOU)
• Memorandum of Agreement (MOA)
• Program Security Document
• S&T Protection Plan
• Manufacturing Security Plan

1. Plan, coordinate, execute security support for meetings. Attend program related meetings/events (e.g., preliminary design reviews, critical design reviews, and integrated product team reviews) to monitor progress and plan for upcoming program security needs.
2. Perform staff assistance visits at assigned performer locations, and support Contractor self-inspection programs and SAPCO Security Compliance Team inspections as needed.
3. Assist with properly mitigating security incidents involving assigned programs. Track inquiry/investigation progress and provide final recommendations to the PSO for closing the incident.
4. Plan for and execute program close-out actions, including participation in program close-out reviews at performer sites.
5. Communicate autonomously and effectively up, down, and across DARPA offices, as well as with performer and transition partner security, technical, and management staff.