We are looking for an Information Security Specialist to join our team on an upcoming cyber security program supporting our federal client.
Responsibilities Include:

Risk Management, Information Security Continuous Monitoring (ISCM), and System Security Support:
- Create and present Risk Management Framework (RMF) briefings for existing information systems requiring Authorization to Operate (ATO) renewals.
- Conduct Security Impact Assessments (SIAs) to determine whether proposed changes to information systems warrant a new Assessment & Authorization.
- Provide Continuous Monitoring reporting based on the Continuous Diagnostics and Mitigation (CDM) program.

Plan of Action and Milestones (POA&Ms) and Interconnection Security Agreements (ISAs):
- Create, monitor, close, and report on POA&Ms.
- Enter POA&Ms received via email into Xacta, with a Weakness Completion Verification Form (WCVF) routed to the lead responder within 3 days of receipt.
- Schedule working sessions to ensure completion dates stay on target and to recommend mitigation efforts when needed.
- Process POA&Ms received by the POA&M support desk for further routing within 3 days of signature. Processing includes routing for signature or documentation updates, scanning, and filing in Xacta.
- Assist with the analysis and interpretation of risks identified in scan results as they pertain to individual systems, within 3 days of receiving the results.
- Create and modify Interconnection Security Agreement (ISA) documentation by the deadlines set for projects and SLAs.
- Review ISA documentation for all customers and modify it as necessary within 365 calendar days of the previous update cycle.
- Automate POA&M management through the system to track status, report, and escalate issues.
- Automate notifications to POA&M responsible individuals and Assessors.

Technical Continuous Monitoring:
- Support Information System Security Officers (ISSOs) with technical assessments and information system analysis in accordance with the customer's risk management framework.
- Monitor and report on technical security controls in accordance with the customer's Continuous Monitoring plan/strategy.
- Evaluate, interpret, and incorporate new customer and NIST technical control standards into information system boundaries as those standards are published.
- Perform Quality Assurance support on information system security controls.
- Support non-standard technical requests that impact the system or multiple customers within one (1) business day.
- Ensure that Personally Identifiable Information (PII) events associated with the information system boundaries are reported to the Computer Incident Response Center (CIRC) within 1 hour, in accordance with the Privacy Breach Response Plan.
- Ensure that vulnerability and/or compliance scans and reports are processed in accordance with the Continuous Monitoring plan/strategy.
- Update Risk Management Standard Operating Procedures (SOPs) as needed.
Required Qualifications, Experience, and Skills:
- Must be a US Citizen able to obtain an agency-specific Public Trust clearance prior to starting.
- 3+ years of specialized experience in Cybersecurity or Compliance.
- Must reside within a commutable distance of Washington, DC or Reston, VA to work onsite as required.
- Significant knowledge of National Institute of Standards and Technology (NIST) Special Publications.
- Significant knowledge of the Federal Risk and Authorization Management Program (FedRAMP).
- Significant exposure to the various cloud platform offerings.
- Experience with Xacta.

Preferred:
- CISSP, CCSP, CIPP, CAP, CASP/GSLC/CISM/CSM, or other industry-standard security certifications.