IA Security Specialist

About The Position

Requirements

• Bachelor's Degree in information assurance, information technology, computer science, or a degree in a related field
• Minimum of 6 years of experience
• Possess applicable industry certifications such as CISSP, CISM, or Security +
• Must able to obtain Federal Suitability

Responsibilities

• Define and maintain the set of security requirements to be implemented in all systems based on, but not limited to, the following: Federal Information Processing Standards (FIPS) Publication 199, National Institute of Standards and Technology (NIST) 800-53, NIST 800-60, US Department of Transportation (DOT) Information Technology Implementation Memorandum (ITIM), FAA policy, Executive Orders, and OMB mandates.
• Tailor and review the Acquisition Management System (AMS) Process for Cybersecurity Requirements and Capabilities to allow for rapid response to identified threats and/or vulnerabilities.
• Establish and review baseline security configuration standards for operating systems and applications used in all systems.
• Review system configuration and network service change requests to ensure only approved network services are configured for additions (new services), modifications to existing services, and discontinuation of services.
• Provide technical cybersecurity support to all organizational systems.
• Review, evaluate, and make recommendations on Systems Security Authorization documents (Security Assessment Reports, System Security Plans, System Contingency Plans, System Characterization Documents) to determine if risk is accurately portrayed and/or assessed.
• Conduct Gap Analysis to accurately document whether additional FIPS-199 controls are applicable.
• Review and evaluate POA&M funding requests to determine if the proposal remediates or mitigates risk to an acceptable level and provide recommendation based on priorities, risk, and current world events if the request should be funded.
• Collaborate with System Owners to address any cybersecurity concerns or questions.
• Create and present risk summaries to management to show the current risk and recommendations for acceptance, corrective actions, deferral, or disconnection(s) required to address the cybersecurity concerns.
• Review and analyze POA&M to determine if the data effectively supports risk mitigations and make recommendations for improvements for the systems security.

Benefits

• health, dental, and vision care
• paid leave
• retirement plans (401K, Roth, and ESOP)
• life and disability insurance
• flexible spending accounts
• education and training assistance