GOVERNMENT AGENCY: NIST - National Institute of Standards & Technology
POSITION INFORMATION: Full-Time Position; Government contractor supporting NIST
LOCATION: Remote; candidate ideally will reside in the DC/MD/VA area to ensure they can attend occasional in-person meetings if requested by the NIST customer in Gaithersburg, MD
POSITION TIMING: 2/15/2024 - Tentative Start Date
BENEFITS: Health, Dental and Vision, 401(k), Flexible Spending Account (FSA), 11 Paid Federal Holidays, PTO, education reimbursement
ITC Federal, Inc. is an information technology and consulting company focused on servicing the needs of the Federal Government. ITC's mission is to apply earned expertise in information technology and information assurance/security to assist this client in achieving its mission. ITC is located in Fairfax, VA and offers an outstanding compensation and benefits plan and a challenging and rewarding professional work environment.
The Senior Security Analyst will be focused on Security Assessment & Authorization (A&A) of systems for the National Institute of Standards and Technology (NIST). The Senior Security Analyst is expected to be capable of lending subject matter expertise while performing A&A activities. The Senior Security Analyst will demonstrate a strong knowledge of Security Requirement Analysis, Security Architecture, Enterprise Security Program Assessment, and evaluating Vulnerability Assessment results, and will perform other duties as required.
RESPONSIBILITIES:
- Conduct A&A activities for NIST systems, working individually or as part of a team.
- Work with NIST staff to provide technical and policy driven solutions to remediate or mitigate identified risks.
- Support system personnel with remediation plans for A&A findings.
- Provide guidance to Information System Security Officers (ISSO) on system documentation.
- Coordinate/conduct vulnerability scans and analyze results.
- Complete Security Assessment Reports involving both technical and policy related aspects of the assessment.
- Review and update A&A packages based on management feedback.
REQUIRED:
- 5 - 8 years of experience implementing the NIST 800 Series Special Publications.
- Demonstrable experience:
  - Conducting IT assessor activities based on the NIST Risk Management Framework, to include the interviewing, examining and testing of related control sets; the review and/or updates of core system documents: System Security Plans, Contingency Plans, Privacy Threshold Assessments, hardware and software inventories, and system diagrams.
  - Performing Security Test and Evaluation and developing Security Assessment Reports for NIST senior management.
  - Delivering risk and vulnerability briefings confidently to management and government customers.
- Knowledge of the formation and implementation of IT security policies to ensure confidentiality, integrity and availability of information systems.
- Strong technical oral, writing and customer service skills as you will regularly interact with NIST colleagues and senior managers.
PREFERRED:
- Active Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA) or comparable certification
- Advanced Degree in computer science or related field or related experience
- Direct experience with NIST or other academic environments.
- Expertise with COTS-based security tools (i.e. RSA Archer, CSAM, Tenable, WebInspect, AppDetective) used to establish security baselines and assess continuing compliance.
SECURITY CLEARANCE REQUIREMENTS:
- Ability to successfully pass a National Agency Check with Local Agency Check (NACLC)
WORK ENVIRONMENT AND PHYSICAL DEMANDS: Candidate must be able to function in a general office environment.
ITC Federal, Inc. is an equal opportunity/affirmative action employer and will not discriminate against any applicant for employment on the basis of age, race, color, gender, national origin, religion, creed, disability, veteran status, marital status, sexual orientation, genetic information, military status, disability, or sex including pregnancy and childbirth or related medical condition or on any other basis prohibited by law.