The Program Security Representative (PSR) role stands as unparalleled within the Department of Defense (DoD) contract positions. Unlike mere implementers of standard security procedures, individuals in this capacity are tasked with comprehensive analysis and the formulation of protective strategies and tactics. Their purview extends to technologies of unique nature, not found elsewhere. They operate without confinement to specific program security support silos, encompassing collateral, Special Access Programs (SAP), Sensitive Compartmented Information (SCI), Controlled Unclassified Information (CUI), and other compartmented information categories.

Embedded directly within the Technical Offices as integral members of DARPA Program Managers' teams, they serve as the vanguard in executing the Security and Intelligence Directorate's (SID) primary mandate. Their core responsibility lies in facilitating the secure development of DARPA's cutting-edge technologies.

The PSR requires expertise in a broad range of topics including, but not limited to:

• Principles governing the execution of fundamental research
• Risks associated with undue foreign influence at U.S. colleges and universities
• CUI policies and their associated DFARS clauses
• S&T protection planning
• Creation of classification architectures
• Operations Security (OPSEC)
• Communications Security (COMSEC)
• Sensitive test planning
• Intelligence oversight requirements
• Intelligence & counterintelligence threat support requirements
• Secure information transmission
• Secure hardware transportation

PSRs must also possess the interpersonal communications skills required to foster confidence in their knowledge and, thus, confidence in the advice and recommendations they provide to PSOs, PMs, SETAs, Technical Office leadership, and industry/government partners.

PSRs are responsible for the following functions:

1) Develop and implement security architectures for new technology programs across the spectrum of classification, including the ability to facilitate intelligence requests to obtain state-of-the-world, rest-of-the-world, and state-of-the-art technology/capability status. In developing a new program, the PSR must be able to analyze the program objectives, to include identification of core technologies and projected end items, determine applicable national security policy, identify existing related programs (as applicable) to ensure horizontal protection, and intelligently craft a proposed security classification architecture that facilitates the secure execution of the program while balancing security protection with cost and schedule impacts. Additionally, the program’s future acquisition life cycle must be considered and addressed in the security classification architecture to facilitate transition activities.

2) Research and recommend long and short-term program protection strategies and tactics for new and established programs, or to address program extensions or changes in program direction.

3) Determine and apply appropriate security requirements (e.g. physical, information, personnel, etc.) and tasks relative to the specific technology programs to be protected. Prepare and present suggestions for improvement as appropriate.

4) Proactively participate in the BAA process in support of new programs, ensuring security requirements are clearly identified during BAA development. Coordinate with the DARPA PM and BAA Coordinator to ensure the PM-defined schedule includes sufficient time for execution of security processes, particularly for SAPs.

5) Efficiently and effectively execute the security aspects of the BAA process, including preparation and delivery of the security briefing at Industry Day, processing and tracking of PARs and facility/IT accreditation, and coordination with the CDR for secure dispatch and receipt of classified materials.

6) Create DD 254s for classified efforts in various life-cycle stages, ensuring security requirements are clear and concise. Submit DD 254s for staffing within five business days of tasking. Disseminate completed DD 254s to appropriate contractors and contracting agents within two business days of receipt.

7) Apply subject matter expert knowledge of Executive Order 13526, the National Industrial Security Program Operating Manual (NISPOM), DoD Information Security Manuals, and DoD SAP Security Manuals.

8) Facilitate the creation, coordination, and annual updates to Program Security Documents (PSDs). PSDs are required at project inception and must be completed within timelines established by the DARPA Program Manager and PSO, usually not to exceed 10 business days.

9) Create, coordinate, and maintain currency of Program Protection Implementation Plans for all assigned programs. PSRs must be able to identify critical and enabling technologies through the Technology Decomposition processes and create a DARPA S&T Protection Plan within 10 business days of tasking.

10) Understand, leverage, and incorporate Technical Area Protection Plan (TAPP) guidance where applicable into DARPA S&T project security, classification, or S&T protection architectures.

11) Facilitate, assess, and coordinate DARPA performer created S&T Protection Plans supporting the larger Project S&T Protection Plan.

12) Provide comprehensive briefings to SID leadership on sensitive test plans involving unclassified and classified projects as directed.

13) Understand and be able to articulate and assess risk associated with foreign government talent programs at U.S. colleges and universities, and the conflicts of interest and conflicts of commitment that can arise from undue foreign influence to DARPA S&T projects conducted on campus.

14) Facilitate the successful execution of CUI projects. Maintain SME expertise of E.O. 13556, the Information Security Oversight Office’s CUI Program, DoDI 5200.48 “CUI,” and the various applicable DFARS clauses associated with protection of CUI, the certification, assessment, or authorization of CUI information systems, and reporting requirements in the event of cybersecurity breaches. Applicable DFARS clauses include, but are not limited to:

• 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting”
• 252.204-7019 “Notice of NIST SP 800-171 DoD Assessment Requirements”
• 252.204-7021 “Cybersecurity Maturity Model Certification Requirements”

15) Perform OPSEC analysis and provide other OPSEC support, to include identification of critical program information (CPI), collecting and analyzing threat data, developing and coordinating program OPSEC plans.

16) Conduct security reviews of documents submitted for public release that involve assigned programs. Provide recommendation to the PSO as to whether CUI or classified information is present and release should be approved, the material should be released as is, or the material should be modified prior to release.

17) Coordinate with International Security and the DARPA International Cooperation Office, as required, to facilitate the creation and coordination of Designated Disclosure Letters and Project Agreement documentation required to support the release and sharing of specific CUI or CMI with foreign allies and participants.

18) Communicate effectively with other Service/Agency security staff on matters related to horizontal protection, program execution, and transition.

19) Develop program indoctrination briefings for assigned programs, indoctrinate newly assigned personnel, and de-brief departing personnel.

20) Support the creation, processing, coordination, and approval of SAPF/SCIF and Automated Information Systems (AIS) accreditations, as well as entering related information on facilities, IT systems, personnel, and contracts into appropriate information security management systems, including:

• DARPA Information Management System (archive)
• DARPA Facility and Security Tracking System (DFASTS)
• DARPA Security Control Suite (SCS)
• Joint Access Database Environment (JADE)
• DARPA Security Classification Research Tool (DSCRT)
• DARPA Security Management Database (DSMD)
• DISS (old JPAS)
• NSS (automated 254)

21) Develop, review, coordinate, and execute security documentation, including:

• Security Classification Guides (SCGs)
• Program Protection Plans
• Test Security Plans
• Public Affairs (PA) / Perception Management Plans
• Exposure Contingency Plans (ECP)
• Network Accreditation Plans
• System Security Plans
• Technology Transfer and Program Transition Plans
• Standard Operating Procedures (SOPs)
• Co-Utilization Agreements (CUA)
• OCONUS Deployment Plans
• Managed Access Plans
• Treaty Compliance Plans
• Transportation Plans
• Dismantle, Disposition & Demilitarization Plans
• Trip & meeting reports
• Memorandum of Understanding (MOU)
• Memorandum of Agreement (MOA)
• Program Security Document
• S&T Protection Plan
• Manufacturing Security Plan

22) Plan, coordinate, execute security support for meetings. Attend program related meetings/events (e.g., preliminary design reviews, critical design reviews, and integrated product team reviews) to monitor progress and plan for upcoming program security needs.

23) Perform staff assistance visits at assigned performer locations, and support Contractor self-inspection programs and SAPCO Security Compliance Team inspections as needed.

24) Assist with properly mitigating security incidents involving assigned programs. Track inquiry/investigation progress and provide final recommendations to the PSO for closing the incident.

25) Plan for and execute program close-out actions, including participation in program close-out reviews at performer sites.

26) Communicate autonomously and effectively up, down, and across DARPA offices, as well as with performer and transition partner security, technical, and management staff.

Job Types: Full-time, Contract

Experience level:

• 5 years

Experience:

• Program Security: 5 years (Required)

Security clearance:

• Top Secret (Required)

Ability to Commute:

• Arlington, VA 22203 (Required)

Willingness to travel:

• 25% (Required)

Work Location: In person