Job Description:
Responsibilities:
- Applies extensive knowledge of a variety of the Cybersecurity field’s concepts, practices, and procedures to ensure the secure integration and operation of all systems.
- Applies extensive experience with the implementation of the NIST SP 800 family of publications, particularly those associated with NIST’s Risk Management Framework and FedRAMP.
- Coordinating with system owners, IT staff, and developers to ensure all associated artifacts are accounted for as they apply to the Information System being accredited.
- Reporting, responding, and documenting the IS into the system of record at the customer's site for each system to obtain ATO for the project.
- Ensuring system scans are properly imported into the system of record to meet Continuous Monitoring requirements as part of the RMF life cycle.
- Working with the ISSM/ISSE/SCAs and coordinating with program PM through the RMF/A&A process.
- Applies extensive specialized knowledge of financial audit standards, classified system IA requirements and Privacy Act requirements.
- Applies extensive experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines.
- Works independently to solve problems quickly and completely.
- Possesses the ability to assess and weigh current and evolving security threats in an operational environment.
- Outstanding problem solving and analytical skills, including ability to create clear observations, analysis and conclusions based on customer interviews and data.
- Team player who can collaborate with multiple stakeholders to arrive at the best solution.
Nice to have:
- Applies extensive knowledge and experience with all of the following criteria:
  - Vulnerability scanning execution, assessment, and analysis
  - Operating system (Linux/Windows) and network knowledge (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN])
  - Information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies
  - Application security, database security, and network security
- Relies on extensive experience and judgment to plan and accomplish goals.
- Possesses experience in supporting, monitoring, testing, and troubleshooting hardware and software IA problems.
Job Requirements:
Qualifications:
- Current TS/SCI w/FSP
- B.S. in Cybersecurity, Computer Science, or some related field with 8 - 10 years of experience, or a Master's with 6 - 8 years of experience
- The ideal candidate possesses a mix of Cybersecurity experience, i.e., FISMA, Risk Management Framework (RMF), Governance, Compliance, Technical Security
To have one of the following certifications is a plus:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- CompTIA Advanced Security Practitioner (CASP)
- Systems Security Certified Practitioner (SSCP)
- Certified Information Systems Auditor (CISA)