Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Secret clearance is required.
Must develop and implement documentation outlining system operating environment, to include the overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel, and associated responsibilities;
Assist in the development and maintenance of the overall system security document, the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance;
Participate in the development or revision of System-specific security safeguards and local operating procedures that are based on the above regulations;
Provide IT security consulting to system owners as to the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans; and
Provide expertise in classified and unclassified ratings to customers.
Work closely with Certifiers to navigate the client's Certification & Accreditation process and produce all appropriate accreditation documentation
Attend ISSO training course as required
Perform interpretations of monthly vulnerability scan results of assigned systems
The Consultant is the principal point of contact for information assurance activities at the IT system level. He/She is responsible for ensuring that management; operational and technical controls for securing either National Security Systems or SBU level IT Systems are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal. It is preferred that this person be a current Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or possess a similar security professional certification. Strong relevant experience and education can substitute for these certifications. Candidates must possess a Bachelor’s Degree and 2 years or 4 years of relevant IA experience with no degree. Must possess experience with NIST standards and experience performing and interpreting vulnerability scanning results. The ideal candidate will be sufficiently versatile to adjust to the dynamic client environment within our Cyber Attack & Penetration Division. The candidate will not only possess the ability to perform security assessments, but provide direction and strategy to key decision makers when requested. Candidates must possess both experience and the ability to articulate risk based decisions. This position will involve up to 25% travel.