*US Citizen and eligible to obtain a Public Trust.*
- Support the Governance program as an advisor to the system/application owner to ensure appropriate implementation of the NIST Security Framework through the lifecycle of the system including but not limited to the pre-security assessment tasks and coordination with System Owners (SO)
- Provide support with data type selection and system categorization according to FIPS 199
- Ensure the vulnerability scans are coordinated and conducted prior to the assessment including submitting scan forms and credentials
- Work with appropriate stakeholders (e.g. Vulnerability Management branch) to review and analyze vulnerability scan results to identify trends
- Coordinate and facilitate pre-assessment meetings with stakeholders
- Review and advise SO with IS&P requirement documents for new systems
- Provide support for reviewing the system to identify and offer advice on elimination of unnecessary IT protocols, functions, ports, and/or services
- Provide policy guidance on IaaS, PaaS, and SaaS implementation to Cloud environments, procurement of Cloud solutions, and assessments of applications residing in Cloud environments
- Provide assistance to SO and system stewards in Security and Privacy assessments
- Review Security Impact Analysis for major changes prior to production
- Provide Security and Privacy guidance to SOs and/or their respective POCs
- Provide support to SO with analyzing the Plan of Action and Milestones (POA&M) and remediation solutions and costs. Related solutions may be communicated to the SO/customer via electronic media and/or oral discussions as identified by the requestor
- Create, document, review and edit as appropriate (new and existing) system security documents for completion and accuracy (to include but not limited to SCD, SSP, SIA, PIA, PTA, POA&M, Disaster Recovery Plan/DRP, etc.) to ensure security requirements are included
- Review the Risk Assessment Report (RAR) with SO for completion and accuracy
- Review and assist in obtaining SO information and steward signatures on all assessment packages
- Create and utilize a risk methodology that includes workable methods of reducing operational risk for computing systems
- Review and/or enter CSAM analysis for assessments and common control inheritance; review for applicability and remaining residual risk, and provide and/or enter CSAM system updates as required
- Provide a weekly/monthly Labor Distribution Report identifying the time expended on activities/duties for the current week (Monday through Friday) and documenting the major activities each staff member participated in during that week
- Successful completion of a four (4)-year degree from an accredited college or university in Engineering/Math/Science
- At least five (5) relevant years of experience planning, managing, and implementing technical IT Security projects/programs under Government contracts
- Demonstrated ability to analyze and synthesize data
- Ability to work independently or as part of a team
- Self-motivated, well-organized, and detail-oriented
- Proficient in Microsoft Tools
- Ability to obtain a Public Trust security clearance
- Excellent verbal and written communication skills