Security Specialist - Risk Management Framekwork

About The Position

Requirements

• Active Top Secret SCI security clearance
• Bachelor’s degree and 7+ years of equivalent experience within related field
• Active CompTIA Security + and/or CISSP
• Experience with Risk Management Framework and accreditation
• Knowledge of Cybersecurity policies and procedures
• An active Top Secret security clearance is required to apply, however, the selected candidate must be able to obtain a Top Secret SCI clearance prior to the start date.

Nice To Haves

• Excellent customer service skills
• Excellent people skills
• Proven communication skills – verbal, written and listening
• Excellent attention to detail skills
• Able to work effectively according to a schedule and with minimal direction

Responsibilities

• Ensure proper use of remote access connectivity from NGA to the Personnel Security and Background Investigation systems approved by NGA’s CIO and Information Technology Services Directorate (CIO-T) office and maintained in accordance with NGA’s policy and procedures.
• Ensure the File Transfer Protocol (FTP) connections from NGA to the Background Information system meet NGA and National Institute of Standards and Technology (NIST) requirements.
• Data sensitivity and coordinating use of multiple security countermeasures to protect the integrity of the information assets in the enterprise is an overarching goal, in addition to protecting and ensuring data sensitivity is being enforced.
• Ensure the user community of this network is in conformance with all computing standards of NGA.
• Information exchange security ensures the site-to-site VPN tunnels are established based on the NGA and Department of Defense (DoD) requirement.
• Ensure investigation operations will follow accreditation standards using Intelligence Community Directive (ICD) 503, RMF, categorizing methods of High Confidentiality, High Integrity, and Moderate Availability level.
• Protect the Background Investigation systems through implementation of security controls that protect against malicious behavior to include intrusion, tampering and virus between the two systems.
• Provide a means to detect, prevent, record in an audit trail and report to the Information System Security Officer (ISSO) any attempts by non-authorized users to access the system.
• Provide audit logs to NGA monthly.
• Ensure security parameters controls that were identified by NGA be augmented by policies and procedures.
• Ensure Security categorization of High Confidentiality, High Integrity and Moderate Availability based on the information types are followed.
• Contractors are required to complete annual refresher IT Security Awareness training as well as additional security training based on their Security Specialist roles and responsibility.
• Ensure no personal computers or other agency computers will be used across the interconnection or on the NGA Networks.
• Conduct vulnerability scans bi-weekly and Security Technical Implementation Guide (STIG) System scans every three months and provide results of scans as part of the monthly report.

Benefits

• medical
• dental
• vision
• paid time off
• 401(k)
• life insurance
• flexible work schedules
• holidays