Lead IA Security Specialist

Integral Federal, Fort Meade, MD
8d

About The Position

The IA/Security specialist will lead the Security Technical Implementation support to the DISA Global Force Management (GFM) Program Management Office (PMO) that supports system availability, stability, and interoperability of JPES and JCRM.

Requirements

  • BA/BS degree in an Engineering discipline. An additional four years of experience in lieu of a degree is acceptable.
  • At least 10 years of experience in cybersecurity
  • Secret Clearance

Responsibilities

  • Implement RMF in accordance with National Institute of Standards and Technology (NIST) 800-37 and assess the system IAW NIST 800-53A.
  • Create and keep updated, in the Enterprise Mission Assurance Support Service (eMASS), POA&Ms for each non-compliant control that cannot be remediated.
  • Document the security control implementation, including status and artifacts in the RMF version of eMASS.
  • Register any deviation from STIG Compliance in eMASS as a non-compliant security control.
  • If the contractor cannot correct the non-compliance within the timeframe set by the Government’s Vulnerability Management Policy, the Contractor shall submit a POA&M for correcting the non-compliant security control in eMASS, or the contractor shall submit an Authorizing Official (AO) risk acceptance request within eMASS for non-compliant security controls that the Government agrees cannot be remediated within reasonable costs and time.
  • Use the most up-to-date, relevant, and agreed-upon Security Technical Implementation Guides (STIGs), conduct a full self-assessment at least twice a calendar year, and perform incremental self-assessments continuously.
  • Submit a Self-Assessment Plan. Approval from the Government Information System Security Manager (ISSM) and Security Control Assessor Representative must be attained before implementation. The plan shall include the STIGs that will be used, STIG version number, accreditation boundary, system software and hardware, and any security software that will be used (i.e., Fortify, Assured Compliance Assessment Solution).
  • Deliver a full Self-Assessment Report to the Government, which includes all information from the Self-Assessment Plan in addition to the number of CAT I, CAT II, and CAT III STIG and IAVM findings for each system component.
  • Deliver Self-Assessment Results in the form of STIG Viewer checklist files. Within the checklist files, the Contractor shall document the compliance status for all STIG checks and an explanation for how and why the STIG check is compliant, non-compliant, or not applicable.
  • For code-related findings, the Self-Assessment Results shall indicate where in the code the issue was discovered.
  • Provide a prioritized list of POA&Ms with recommended milestones, mitigations, and comments to the Government.

Benefits

  • Medical, Dental & Vision Insurance
  • Flexible Spending Accounts
  • Short-Term and Long-Term Disability Insurance
  • Life Insurance
  • Paid Time Off & Holidays
  • Earned Bonuses & Awards
  • Professional Training Reimbursement
  • Paid Parking
  • Employee Assistance Program
  • Paid Parental Leave
  • Immediate Vesting in our 401(k)