Bachelor's Degree in Computer Science, Information Systems, Software Engineering or related field
5+ years IT security experience with focus on Certification and Accreditation or risk analysis
Knowledge of Federal C&A practices and policies like FISMA and NISP SP 800-53
5+ years experience with information assurance tools
5+ years experience with federal clients
Ability to work both independently and collaboratively
Excellent written and oral communication skills
Active Top Secret clearance required.
Responsibilities
Research and document information security controls via Federal C&A processes
Propose and enforce security policies and procedures
Collect and report on IA and CND metrics for various compliance areas
Analyze vulnerability assessment reports and advise on remediation
Develop Plan of Action and Milestones (POA&Ms) for security vulnerabilities
Conduct reviews of security documents and incidents
Report on overall security status and incidents
Coordinate authorization packages for compliance.
Full Job Description
Job Description
Research, verify and document information security controls using the Federal Certification and Accreditation (C&A) processes.
Propose, communicate, and enforce security policies, procedures and methodologies.
Collect, compile, and report IA and CND metrics relating to Connection Approval Process, Certification and Accreditation Compliance, Information Assurance Vulnerability Management Compliance, Inspection Compliance Status, and FISMA Compliance.
Analyze reports from vulnerability assessment scanners, patch management tools, and emerging threat information to advise on the risk and remediation of security issues.
Develop Plan of Action and Milestones (POA&Ms) for identified vulnerabilities to initiate, coordinate and track the patching and remediation of security weaknesses.
Bachelor's Degree (Preferable: Computer Science, Information Systems, Software Engineering or other related analytical, scientific, or technical disciplines)
5+ years experience in IT security, including Certification and Accreditation and/or IT security risk analysis/advice, preferably in support of the Federal government.
Knowledge of Federal government C&A practices and policies (Preferable: ICS 503, FISMA, NISP SP 800-53, and DHS 4300)
5+ years experience with information assurance tools preferred
5+ years experience working directly with a federal client
Ability to work independently and also collaborating closely with project managers, engineers, and others
Working knowledge of Ongoing Authorization with in the NIST Framework