SECURITY ASSESSOR - MID LEVELrnMILITARY FRIENDLY & PREFERRED - HOH SPONSORrnAs a Mid Security Control Assessor, you will design, develop, engineer, and implement solutions. You will perform complex risk analyses which also include risk assessment. Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands. Support customers at the highest levels in the development and implementation of doctrine and policies. Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures. Perform analysis, design, and development of security features for system architectures.rnDuties & Responsibilities:rnrnAssess all applicable security controls defined in the mandated DHS Compliance tool and applicable to the systems under their purview.rnComplete a FIPS-199, Privacy Threshold Analysis (PTS), E-Authorization, Contingency Plans (CPs), Contingency Plan Tests, Security Plans.rnDevelop the SA Package documentation to include Security Assessment Plans (SAP), Security Assessment Reports (SAR), ATO Letters, ATO Recommendation Memo, Risk Assessment Memos, CFO Designation Memo, POA&M finding matrices, Executive Data Sheet (EDS), OA artifacts, etc.rnGather evidence for ATO efforts and store results in the mandated DHS Compliance Tool and/or in a separate customer repository.rnReview for upgrades and provide recommendation on whether this will result in major or minor changes and overall cybersecurity impact and utilize tools for tracking of changes.rnProvide recommendations for refining and/or improving existing RMF processes and procedures and support implementation of these changes.rnIn view of the remote nature of the contract, an individual Weekly Status Report and Weekly Status Reports Briefing are it is required deliverables for tasks assigned. The resources must have the ability to effectively develop weekly status reports, that are consistent, well structured, answer to all the assigned management templates guidelines, are in alignment with the task area of support, and are relevant to the reporting period. At a minimum the weekly status report should reflect the following:rnWeekly work accomplishedrn2 weeks of ongoing and planned tasksrnRisks, and issues impacting tasks assigned.rnThe report format will be primarily MS PowerPoint and MS Project (or other MS tools as required by the management team).rnAll Deliverables shall be at a level of accuracy that does not require "return for correction" for typographical and grammatical errors. (Repetitive requests for correction by the management or Government team may result in a determination of failing to meet the basic standards for professional writing, reporting, accuracy, quality, and completeness of the contractual requirements for deliverables.)rnMust have the ability to prepare to present, brief, and explain; all information captured in weekly status report to management and/or government client.rnAnalyze IT specifications to assess security risks. Design and implement safety measures and data recover plans. Secure networks.rnInspect customers systems for vulnerable points of access. Monitor network activities and communicate them to teams.rnrnRequired Qualifications:rnrnKnowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements Technical knowledge of IT systems.rnKnowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc.rnExperience communicating effectively, both oral and written, with technical, non-technical, and executive-level customers.rnrnBasic Qualifications:rnrnProven experience as a Computer Security Specialist.rnProgramming skills are preferred.rnFamiliarity with security frameworks e.g., NIST Cybersecurity framework and risk management methodologies.rnKnowledge of patch management, firewalls, and intrusion detection/prevention systems.rnFamiliarity with public key infrastructure (PKI) and cryptographic protocols e.g., SSL/ TLS.rnAn analytical mind with excellent problem-solving ability.rnOutstanding communication and organization skills.rnDecision-making skills.rnrnEducation: Bachelor preferable but professional experience is Permitted:rnrn4-7+ years minimum of IT Cybersecurity experience including direct support of the US government (preferably DHS) and 2 years acting as an ISSO, assessor, compliance analyst, and policy ORrnA relevant bachelor's degree in IT, Computer Science or engineering with 7 years of ITrnrnCertifications and Training (Required): At least one of the following security certifications:rnrnCertified Authorization Professional (CAP)rnCertified Information Systems Security Officer (CISSO)rnCertified Information Security Manager (CISM)rnCertified Information Systems Security Professional (CISSP)rnrnClearance level:rnrnMust have at least a Secret Level Security Clearance.rnrnWork Location: Remote is authorized and the location of performance is Springfield, VA, Annapolis Junction, MD and Freedom Center in Herndon, VA. Travel is not reimbursed for travel between Performance location and Remote Location.rnBusiness Hours: 8:00 am EST - 4:30 pm EST.
