Senior Cybersecurity Specialist (ISSO and Assessor)

About The Position

Requirements

• US Citizenship Required
• 10+ years of relevant progressively increasing cybersecurity experience
• Ability to communicate with other team members effectively and clearly on technical information related to information systems’ design and implementation with regards to cybersecurity.
• Extensive knowledge of information technologies to include computer hardware and software focusing on new communication protocols and transceivers, operating systems, networking protocols, cloud-based security issues and terminology
• Direct experience with FISMA and the Security Assessment and Accreditation (SA&A) process.
• Experience with accrediting systems that have an Oracle or SQL backend.
• Hands on experience operating scanning tools such as Nessus, Netsparker, etc., must have ability to set up and maintain tools.
• Experience as a leader in continuous monitoring programs, to include familiarity with monitoring tools such as Carbon Black or Forescout.
• Familiarity with assessing AI applications and/or acting as an ISSO for AI application
• A bachelor’s degree in Cybersecurity, Computer Science or other relevant field of study.
• Be eligible to obtain a Federal Security Clearance at the Q level.
• Any equivalent combination of experience and training that provides the required knowledge, skills, and abilities.

Nice To Haves

• CISSP, CISM, CEH, SSCP, SANS GIAC, or other certification is strongly desired, but not required.

Responsibilities

• Act as an advisor on all matters, technical and otherwise, involving the security of information systems under purview.
• Develop all required cybersecurity documentation including but not limited to system security plans, privacy impact assessments, contingency plan/business impact assessments, security categorizations, and incident response plans.
• Work with the Information Systems Security Manager (ISSM) to obtain and maintain the system’s Authority To Operate (ATO).
• Provide guidance to system administrators and system owners on adherence to applicable requirements for maintaining security posture of authorized systems.
• Interpret Federal and Departmental guidance to develop security operating policies and procedures to protect networks, and other sensitive information.
• Conduct assessments of information systems in adherence to FISMA, FIPS, CNSS and NIST requirements.
• Perform analysis of vulnerability scan results and assist application teams in addressing findings within the organization’s required timeframes.
• Provide guidance and develop an organizational wide Continuous Monitoring Program policy and procedures.
• Provide guidance and assistance to system administrators and system owners on adherence to Continuous Monitoring Program policy and procedures and setting up continuous monitoring tools.
• Provide Configuration Management (CM) oversight for information system security software, hardware, and firmware; Manage changes to systems and perform assessments on the security impact of the changes.
• Perform risk assessments and analysis in support of ongoing awareness and adherence to the organization’s risk tolerance.
• Anticipate security requirements and identify sound security controls for applications, systems, and processes.
• Research and when necessary, publish and distribute notifications which address major information security threats, i.e. hacking, malicious activity, damaging vulnerabilities with active exploits in the wild, Trojans, Worms, Viruses, Malware, etc.
• Responsible for providing guidance, assistance, and validation of completion of POA&M items.
• Perform other tasks as assigned.

Benefits

• Paid Time Off & Holiday Pay
• Medical Insurance
• Dental Insurance
• Vision Insurance
• Disability, Life Insurance, and AD&D
• Flexible Spending Accounts
• Pre-Tax 401K and/or After-Tax Roth IRA (with employer matching contribution)
• Tuition and Technical Training Reimbursement
• Exercise Reimbursement
• Computer Reimbursement
• Employee Assistance Program