Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
Compliance supports overall goals on a continual basis by helping to ensure that components achieve passing or better compliance ratings from the department by adhering to federal and FCC requirements. The contractor shall provide support services required to execute the day-to-day FISMA operations, ensuring that all FISMA activities are prioritized correctly, completed on schedule, and in accordance with FCC policies. Provide certification review of completed Certification & Accreditation (C&A) packages based on NIST and FCC standards for general support systems and major applications.
- Review appropriateness of FIPS 199 impact level designations and 800-60 security categorizations.
- Review appropriate security controls based on characterization of the general support system or major application
- Assist in the development and maintenance of the overall system security document, the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance
- Provide IT security consulting to system owners on the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans.
- Provide comprehensive review of C&A package for completeness, accuracy, and compliance with defined FCC standards.
- Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the system certification guidelines and procedures
- Develop comprehensive checklists for reviewing C&A packages and develop processes and procedures to promote consistent completion and review of packages.
- Minimum 3 years of strong security experience.
- Bachelor's Degree from an accredited college or university. Experience may be substituted for education: 4 years of specialized Information Technology (IT) or applications subject matter knowledge and experience will be equivalent to a 4-year degree. A Master's or Doctorate degree from an accredited college or university with a major in a field of study which is closely related to the work to be automated may be substituted for 1 year of experience. General Experience: 3 years within the past 5 calendar years of experience as a subject matter in areas related to an environment of Information Technology (IT) system development activity for administrative and business related computer programming and Information Technology (IT) analysis.
- Proficiency in the Microsoft Office Suite of tools to include extreme competency in Excel. This is due to the format in which all TAF reports are produced, Excel spreadsheets, and the need for an analyst to manipulate thousands of lines of data into management-style information to be consumed by various stakeholders.
- Familiarity with CSAM, TAF and/or RMS tools used daily by the FISMA analysts.
- Demonstrate knowledge of the NIST 800 publications governing the FISMA Act.
- Contractor must be proficient in developing and presenting, both verbally and in writing, highly technical information and presentations to non-technical audiences at all levels of the organization. Audiences for this information include, but are not limited to, senior executives at FCC and other agencies.
- Knowledge and proficiency with reporting tools such as Crystal Reports.
- Demonstrate familiarity with vulnerability management (POA&M) from creation to closure.
- Certification: Certification and Accreditation Professional (CAP), CISSP, CISM or CISA certification is preferred