Job Description

Key Tasks and Responsibilities

• Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls in order to measure the effectiveness of controls and identify control gaps

• Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
• Preparing Security Impact Assessments, Addendums, Security Authorization Packages and including documentation such as Authorization

Official Out-briefs, Security Authorization Recommendations and Security Authorizations Memorandums

• Identify, assess, and prioritize identified risks
• Collect evidence, artifacts, and document findings to support conclusions
• Report on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies
• Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)
• Coordinate third-party risk assessments and IT audits
• Manage remediation efforts and report on the status of control deficiencies
• Support security initiatives and global policy adherence and awareness efforts
• Support global information security metrics and reporting program(s)
• Provide security expertise to business units and key stakeholders
• Enforce policy adherence and manage formal policy exception requests

Provide timely status updates/reporting on assessments and assigned projects

Education & Experience

• A Bachelor degree in Computer Science or a related engineering field with training in information security 10+ years’ experience in Information Security
• 5+ years’ experience building and managing Windows server platforms
• Thorough knowledge of NIST 800 Special Publications, Federal Information Processing Standards (FIPS) and other significant federal regulations
• Expertise the NIST Risk Management Framework to generate and maintain SA&A documentation to include System Security Plans, Security Assessments Reports, and Risk Assessments for internal and cloud- based systems (ie., FedRAMP)
• Thorough knowledge of federal laws and directives pertaining to information security Experience using security scanners (e.g. Nessus, Nexpose, etc) and remediating vulnerabilities
• Experience in creating and maintaining minimum security configuration baselines for Windows and Linux platforms and applications (i.e., Minimum Benchmarks: CIS, STIGS)
• Experience reviewing system logs for potential intrusions and policy violations. Experience using Forescout, Bigfix, and RES a plus

Certifications

• CISSP
• CISM

Security Clearance

• Public Trust High (Tier 4/BI) Risk Level
• Must be a US citizen or Lawful Permanent Resident

Job Tags

Similar Jobs