Address
Form of workThe role will work within a team that supports a wide varieties of security activities including supporting third party assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF), review security impact on change requests, review accounts for the systems under their purview, and other duties to ensure compliance with FISMA and other security requirements mandated by the agency.
This individual will provide information to the Client so that the proper documentation can be updated, to include the System Security Plans (SSP), Contingency Plans, Business Impact Analyses (BIA), Plan of Action and Milestones (POA&Ms), and other documentation.
Responsibilities and Duties:
Facilitate meetings with contractor, Agency and third-party contractor staff to support A&A-related engagements.
Track artifact and meeting requests and providing status reports on outstanding items to Agency staff.
Coordinate with contractor and Agency staff to provide requested artifacts for A&A-related engagements in a timely manner.
Review artifacts provided by contractor staff to ensure requested information have been properly provided and meet appropriate security/privacy requirements.
Coordinate vulnerability remediation efforts with contractor and Agency staff in order to remediate findings within specified deadlines.
Review policies and procedures for compliance with applicable standards; and to identify areas of improvement for finding remediation
Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
Identify potential risks associated with system configurations and advise on mitigation strategies
Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort
Assist customer program offices in interpreting and applying mitigation strategies
Review documentation to ensure compliance with Federal cybersecurity requirements
Conduct thorough reviews of all vulnerabilities, architecture, and defense in depth strategies and report findings in POA&Ms document to ISSO
Maintain cybersecurity procedures and processes as assigned
Able to analyze, interpret, and apply Federal cybersecurity guidance to customer needs
Qualifications
Required Skills:
2 or more years of IT experience
Experience developing A&A documentation from scratch and performing assessments; RMF step 1 through 4
Experience supporting ISSOs or acting as one
Familiar with NIST publications, specifically RMF and NIST controls
Familiar with dealing with defense-in-depth, and other information security and assurance principles and associated supporting technologies
Excellent customer service and organization skills
Excellent oral and written communication skills
Must be able to review artifact and meeting requests and determine correct contractor personnel based on requested information
Must be highly organized and detail oriented
Must be able to take initiative and work independently or as a member of a team.
Must demonstrate proficiency in the following areas: multi-tasking, critical thinking; and the ability to work quickly, efficiently and accurately in a dynamic and fluid environment
Must have an active Secret Clearance.
DoD 8570 IATII Certification
Desired Qualifications
Desired Skills:
Experience working with Security engineering to review Nessus Vulnerability / Tripwire compliance scans
Experience performing on-site cybersecurity assessments using Standards such as CIS Benchmarks, DISA STIGS, etc.
Broad technical experience related to IT operations, networks, OS's, and system administration
