Cyber & A&A Security Specialist

About The Position

Requirements

• Knowledge of DOC, NOAA, and NWS IT security policies and implementation standards or those of similar sized organizations AND comprehensive understanding of NIST guidance to include, but not limited to, NIST Special Publications and Federal Information Processing Standards.
• At least 5 years of recent experience (within the last 6 years) in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools.
• At least 5 years of recent experience (within the last 6 years) with enterprise architecture methodologies, concepts, procedures, principles, and tools.
• At least 5 years of recent experience (within the last 6 years) in contingency planning and backup and recovery best practices and application of NIST guidance in this area.
• At least 5 years of recent experience (within the last 6 years) in using technical testing tools (Tenable Security Center, ArcSight, IBM Big Fix, etc.).
• At least 5 years of performing assessments of Federal Information Systems using the Risk Management Framework.
• Possess at least ONE (1)of the following professional Certifications: Certified Information Systems Security Professional (CISSP) Certified Information Systems Auditor (CISA) GIAC Systems and Network Auditor (GSNA) Electronic Commerce Council Certified Ethical Hacker (CEH) ISC2 Certified in Governance, Risk and Compliance (CGRC) Security Certified Network Professional (SCNP) Security Certified Network Architect (SCNA)
• Ability to work in a cohesive team-oriented environment.
• US Citizenship Required
• Must have or the ability to obtain a Moderate Public Trust
• 5+ years of relevant experience
• Skills: Cyber Security, Information Security

Nice To Haves

• Bachelor’s Degree (or higher) in a related field
• Knowledge of assessing and securing cloud-hosted systems in accordance with federal security requirements
• Self-starter, highly motivated individual who adapts to a dynamic work environment
• Strong attention to detail with an ability to operate effectively across multiple priorities.

Responsibilities

• Conduct full lifecycle Security Control Assessments and Authorization (A&A) activities for NWS FIPS 199 Low, Moderate, High, HVA, and hybrid systems in accordance with the NIST Risk Management Framework (RMF), NWS policy, NOAA, and DOC directives
• Validate information System Security Plans (SSPs), FIPS 200, control implementations, and supporting policies and procedures for accuracy, completeness, and NIST SP 800-53 compliance.
• Execute security control test procedures through documentation review, technical validation, and interviews with system stakeholders to determine control implementation status and effectiveness
• Collect, analyze, and document evidentiary artifacts (screenshots, test logs, interview notes) to validate control implementation and effectiveness.
• Utilize CSAM to retrieve POAMs, artifacts, and other pertinent documentation to assist with the A&A process and ensure accuracy of the A&A documentation uploaded in the tool
• Analyze and interpret vulnerability and configuration compliance scan results from tools like Tenable Nessus to identify control gaps, assess risk, and validate remediation actions.
• Develop and maintain pre-assessment and assessment deliverables, including Security Assessment Plans (SAPs), Security Control Assessment (SCA) workbooks, and kickoff deck briefings
• Document assessment results and risk determinations in Security Assessment Reports (SARs), Vulnerability Assessment Reports (VARs), and Authorization to Operate (ATO) briefing deck.

Benefits

• We are proud to offer competitive compensation and benefits packages to include paid vacation, medical, dental, vision, matching 401K plan, tuition/training reimbursement, and Long & Short-Term Disability.