Will serve as a team member functioning as the Certification Agent for a local Federal Civilian Agency. Develop security package documentation related to NIST-compliant FISMA system assessments as part of the accreditation audit process. Perform a variety of tasks relating to hands-on security control testing, continuous monitoring, system analysis, architecture and mitigation recommendations, and conduct evaluations of documentation as it relates to each IT system and its configuration.
Must have a strong background in meeting FISMA compliance using the Risk Management Framework (RMF). Duties will include all audit functions tied to the Certification Agent role, including: developing and/or maintaining system Assessment and Authorization (A&A) documentation, FIPS 199 and 200 analysis, SSP compliance audits, vulnerability and risk assessments, certification test plans and security test cases and evaluations, and ITSO and AO briefings.
• Conduct Assessment and Accreditation (A&A), perform all continuous monitoring functions, and assist in maintaining each system's Authorization to Operate (ATO).
• Oversight and development of POA&Ms as part of the Assessment and Accreditation.
• Audit compliance of security plans based on the National Institute of Standards and Technology (NIST) Security Publications.
• Audit and provide guidance on the security program, including Governance (A&A, Continuous Monitoring, FISMA, NIST, DOC and NOAA policies and procedures).
• Use risk management techniques to develop and complete risk assessments based on NIST standards to ensure IA design sufficiently mitigates IA risk.
• Develop and conduct security tests and evaluations based on NIST 800-53/53A.
• Prepare and analyze reports for Security Program as well as Governance.
• Prepare certification analysis and reports and provide certification recommendations to the client.
• Provide impact analysis on local Federal Civilian Agency with regard to updates and version changes on NIST 800-53A, SP800-18, SP800-30 and FISMA notices and changes as required.
• Utilize proficient, clear and concise English written and verbal communication skills in order to interact effectively with clients. Additionally, must be able to communicate with individuals at various levels of expertise in the subject areas of concern.
• 2 - 3 years of experience in IT Security
• 1 - 2 years of demonstrated work experience related to FISMA preferred
• 2 - 3 years of IT Support and/or System Administration
• CEH, CISA, CISSP or other IT security certification preferred.
• Ability to work in independent environments under aggressive timelines
• Working knowledge of the NIST 800 series publications that support FISMA.
• Familiarity with Assessment and Accreditation documentation/packages
• Must be proficient with all common operating systems (Windows, UNIX, Linux, Cisco IOS).
• Must be proficient with common security tools and scanners.
• Must be able to write NIST based Assessment and Accreditation documents.
• Must be able to analyze and evaluate system scan results and data from a security and risk perspective and provide effective mitigations.
• Must have good communication and writing skills and be efficient, positive, results-driven, a problem-solver, and a team player.
Must be able to pass a full background investigation and obtain a security badge to enter the applicable government facility.
Some travel is required.
Bachelor's Degree in Computer Science, Software Engineering, or other related discipline preferred.