We are looking to add a Security Specialist to support the United States Patent Trademark Office (USPTO). All candidates should have experience in the following areas:
• Selection and coordination of NIST 800-53 Revision 4 security control application
• Execution of activities required for NIST 800-37 R1 Risk Management Framework
• Responsible for coordinating all Assessment and Authorization (A&A) or Certification and Accreditation (C&A) activities, and preparing all components of a Security Authorization Package
• Application of NIST FIPS 199 to perform System Categorization
• Application of excellent analytical reasoning skills to conduct security impact analyses and act as a Cybersecurity subject matter expert (SME) to System Owners and supporting technical personnel
Critical Knowledge:
• Knowledge of FISMA, NIST 800-53 R4 Security Controls, NIST 800-37R1 Processes, FIPS 199 Categorization, and various NIST 800 series publications
• Knowledge of various technical concepts and technologies including applications, platforms, operating systems, databases, and more
• Familiarity with FedRAMP assessment, authorization and continuous monitoring processes
Critical Skills:
• Web Services, Web Sphere, JBoss
• UNIX
• Windows, VMWare
• SAN, NAS, or other Storage Technologies
• Microsoft (AD, Exchange, SharePoint, and Cloud Services)
• Oracle, MS SQL, MySQL
• Excellent oral and written communication skills
• Excellent technical writing skills
Education:
(Required)
• Bachelor's Degree
• CAP
Preferred (In addition to Required):
• CISSP (with CISSP, CAP becomes preferred, vs required)
• Master's Degree
Organizational Considerations for a good fit:
• 4 Years of IT Security Experience (constructive credit allowed for degree(s) in cyber security
• Ability to work independently and as part of a team
• Motivation and desire to increase knowledge of and responsibility for system security
• Experience selecting, implementing and documenting NIST 800-53 R4 Security Controls to secure systems
• Experience updating system Security Authorization Packages
• Strong technical writing/security documentation experience