Cybersecurity Assessment and Authorization Analyst

About The Position

Requirements

• Bachelor's degree in Computer Science or a related field of study and a minimum of eight (8) years’ relevant experience, or equivalent combination of education / experience.
• Must have at least eight years (8) of information security experience and with at least four (4) years of certification and accreditation (C&A) compliance / Security Assurance (SA) experience (NIST based).
• In depth knowledge of NIST SP 800 series and FedRAMP guidance and standards.
• Highly organized with ability to effectively manage multiple projects and priorities.
• Ability to work in a fast-paced environment and to learn and apply new knowledge and techniques related to incident response and continuous monitoring capabilities.
• Ability to effectively work both independently and in a team environment for the successful achievement of goals.
• Excellent verbal and written communications skills with ability to prepare quality reports and effectively communicate / interact with a wide variety of technical and non-technical audiences (i.e., customers, team members, management, and federal staff).
• Excellent critical thinking skills with ability to identify, analyze and resolve problems / complex issues.
• Working knowledge and understanding of OMB, FISMA, FIPS, HIPPA and other federal regulations and requirements associated with Information Security.
• Knowledgeable of security-related processes with respect to Federal risk and compliance regulations best practices.
• Ability to read, analyze, and interpret common information systems security documents.
• Expert computer skills with advanced proficiency in a Windows and Linux based computer environment.

Nice To Haves

• CAP, CISSP, CISM, CISA, SANS GIAC, Security+, Network+, Linux+, MCSE, CCNA or SSCP certifications preferred.

Responsibilities

• Conducts annual security controls effectiveness testing.
• Documents findings and advises and monitors remediation efforts on all systems in accordance with established policy and procedures.
• Conducts significant research, evaluation, recommendation, and documentation development such as security assessment reports, methodologies, briefings, and presentations.
• Conducts information security audits/risk assessments on customer systems and network and documents in accordance with NIST, Risk Management Guide for Information Technology Systems.
• Annually reviews and updates the security and contingency plan for each system in conjunction with security audits and makes recommendations to address deficiencies.
• Assists system owners in developing security authorization packages that are fully compliant with National Institute of Standards and Technology (NIST) guidelines and organizational defined standards.
• Evaluates the implementation of security controls as required by NIST.
• Prepares security authorization packages using approved customer templates.
• Assists in meeting mandates, directives, reporting, and other security-related processes with respect to Federal regulations such as FISMA; Health Insurance Portability and Accountability Act (HIPAA); Office of Management and Budget (OMB) mandates; Homeland Security Presidential Directives (HSPD); Federal Information Processing Standards (FIPS) and NIST guidance implementation, oversight, and compliance.
• Reviews and updates risk assessments when significant changes occur to systems/network.
• Ensures customer information and information systems are adequately protected from unauthorized access, use, disclosure, disruption, modification, or destruction.
• Briefs and provides documented results to staff. Briefs include, at a minimum, areas of conformance to directives, corrective recommendations for deficiencies, and POA&M explanations to correct deficiencies.
• Analyzes major IT systems, from a security perspective, during the initial phases of system development and throughout the systems development lifecycle.
• Reviews standard security configurations to assure compliance with federal directives and industry best practices.

Benefits

• Medical
• Dental
• Vision
• Company Life Insurance
• Short-Term and Long-Term Disability Insurance
• 401(K) Immediate Vesting
• Professional Development Assistance
• Legal Aid Assistance Program
• Family Planning / Fertility Assistance
• Personal Time Off
• Observance of Federal Holidays
• Employee Assistance Program (EAP)
• Training and Development Opportunities