Technical Information Security Assurance Specialist to assist in all facets of risk management and data protection across the Agency.
- Assist with analyzing, developing, implementing, integrating, and maintaining secure Agency IT solutions.
- Support security analysis, assessments, guidance, reporting, reviews, and testing during the program life-cycle.
- Support the analysis, development, evaluation, and production of all information assurance cyber security compliance and performance reports.
- Strong knowledge of FISMA regulation, FIPS standards, NIST 800 series, NIST Special Publications and other applicable guidance.
- Understanding of processes used to assess risk and establish security requirements and documentation to ensure that information systems possess security safeguards commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.
- Understanding of measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. In-depth knowledge, skills, and abilities needed to enforce Information Assurance and Cybersecurity requirements, apply Information System Security (INFOSEC) methodologies and facilitate security assessment and authorization (SA&A) as well as continuous monitoring activities, such as vulnerability scans and security control assessments. Able to analyze and assess vulnerability scan outputs and provide feedback to CISO and system owner.
- In-depth knowledge of information assurance levels and risk impact thresholds in meeting applicable security policies, standards and requirements to ensure that accrediting authorities have the information necessary to make an objective authorization determination based on an acceptable level of risk. Employee should be able to analyze, evaluate, and assess information system security policies, processes and procedures necessary to ensure a comprehensive multi-disciplined assessment of technical and non-technical security features and associated safeguards.
- In-depth knowledge of System Security Plan, Contingency Plan and Testing, POA&Ms, Risk Assessment, and other security-related documents. Employee should be able to assist ISSOs and/or system owners in addressing security controls and implementation methods in the SSP, as well as assist in contingency planning and testing, security control assessment and vulnerability scanning. Able to analyze, assess, control, determine, mitigate and manage risk within a federal management framework or within federal interest computer systems that store, process, display or transmit Personally Identifiable Information (PII). Able to identify, implement and integrate management and administrative risk methodologies for securing critical and sensitive information infrastructures and establishing standards necessary to help protect the confidentiality, maintain the integrity and ensure the availability of critical organizational computing resources.
- Experience with Information Security, including conducting IT security assessments, SA&A and continuous monitoring activities.
- Understanding of OWASP. Previous development experience is preferred.
- CAP is required; CISSP certification is preferred.
eGlobal Tech is an equal opportunity/affirmative action employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, disability, veteran status, sexual orientation, or any other protected factor. EOE/M/F/DV