Produce error-free government IT system Security Authorization (SA) packages.
Perform independent compliance reviews, tracking, and continuous monitoring of newly submitted SA packages.
Draft, submit and manage IT system Plans of Action and Milestones (POA&Ms).
Advise and assist the Government System Owner (SO) with the lifecycle SA process and develop the System Security Plan (SSP).
Monitor and track projects in the SA test queue.
Maintain and manage a document repository where SA project documentation is stored (i.e. XACTA).
Work closely and act as the system liaison with developers to identify the appropriate certification/approval processes and authorities.
Record and register actions concerning project approvals to operate in the SA database.
Read and analyze SSPs, and translate the resulting understanding of systems and applications into security test plans.
Coordinate and lead SA actions and system testing with appropriate security personnel.
Prepare and review error-free Vulnerability Remediation Plans (RPs).
Take the lead in assembling and submitting SA packages to the Principal Accreditation Authority or Designated Accreditation Authority (DAA); packages include, but are not limited to, the SSP, RP, Contingency Plan (CP), Contingency Plan Test (CPT), Privacy Impact Assessment (PIA), and Privacy Threshold Analysis (PTA).
Review IA Compliance Validation Tests and Reports.
Act as SA project registrar, managing the SA registration process.
Perform as a Security Consultant to the assigned Government Program/System.
Establish and maintain positive working relationships with all government IT System Stakeholders.
Act as a leader and mentor to junior ISSO team members.
15+ years of experience in Information Security, with a concentration on SA and ISSO responsibilities as they apply to the US Government, or 8+ years and a Master's degree in Cyber Security.
Extensive experience developing Assessment and Authorization (A&A) packages under FISMA and National Institute of Standards and Technology (NIST) guidance.
Active Secret level security clearance (no current/open/ongoing re-investigations).
At least one Cyber Security certification (e.g. Security+, CISSP, CISM).
Must possess demonstrated experience in all phases of preparing and reviewing complete Security Authorization (SA) packages for information technology systems and/or applications as defined by the Federal Information Security Management Act of 2002 (FISMA) and implemented by NIST guidance.
Experience with Nessus, WebInspect, IP360 or similar scan tools.
Be able to communicate effectively through written and verbal means to co-workers and government senior leadership.
Be able to effectively manage multiple tasks simultaneously; coordinating and ensuring scheduled goals and milestones are met.
Be prepared to take full responsibility for the performance of IA Compliance Validation Tests, reports, and tracking.
Be prepared to offer security-related guidance on business processes, emerging technology and acquisitions, and vulnerability assessments/mitigation approaches.
Be able to work well with collateral engineers, analysts and managers on related programs.
Be able to conduct effective and error-free vulnerability assessments of networked and stand-alone information systems, to the extent of conclusively validating all technical controls found within NIST SP 800-53.
Take full ownership of system security and meeting program/system deadlines.
Be prepared to assume a leadership role and assist the onsite PM in the day-to-day management of the ISSO team.
Ability to mentor junior staff.
Possess an advanced Cyber Security Certification (CISSP, CISM, CASP).
Possess a B.A. or B.S. degree in related field.
Ability to act as a trusted consultant and offer security-related guidance on business processes, emerging technology and acquisitions, and vulnerability assessment/mitigation approaches.
Extensive knowledge of DHS security requirements (i.e. DHS 4300).
Be a Subject Matter Expert (SME) in the fields of NIST publications, FISMA requirements and reporting, privacy data identification and handling, security engineering, certification and accreditation (C&A) procedures, security architecture, vulnerability assessments, computer forensics, computer network defense, and policy development.
Team eGT's ideal candidate is a cyber leader who will thrive in a fast-paced environment that demands accountability from each team member.