U.S. Citizenship is required. Applicants must possess an active, Federal Government Security Clearance.
This position supports Certification & Accreditation, vulnerability scanning, reporting and PKI Operations.
• Conduct C&A assessments and evidence/artifact collection in accordance with NIST SP 800-53A Rev 3 for management, operational, technical, and physical security controls appropriate to the security categorization of the system under examination.
• Use standard audit techniques including Inspection, Scanning/Audit, and Interviews to gather/prepare evidence and artifacts to support compliance determinations. Provide audit support for both departmental and OIG audits.
• Create detailed assessment reports which include detailed system overviews, categorized vulnerabilities, risk analysis calculations, and findings matrices.
• Perform data entry to maintain system records in DOJ’s Cyber Security Assessment and Management (CSAM) System.
• Manage the POA&M reporting and remediation process including tracking, resourcing, remediation, and reassessments.
• As required, develop, implement, and execute technical design, implementation, privacy assessments and test/evaluation documentation.
• Translate technical security issues into business risk/impact statements for reports to Senior Management Office leadership.
• Attending meetings/assisting with rollout of PKI on classified environments
• Follow-up support for classified PKI environments
• Attending department meetings regarding security initiatives
• Create and update policies and procedures
• Annual updates and testing of Contingency Plan and Incident Response Plan; and
• Assisting with vulnerability scans and reporting.
• Hands-on experience conducting network, system, and enclave vulnerability/C&A assessments
• 3-5 years of experience working within a Federal Agency Certification & Accreditation process during the entire System Development Life Cycle process is required.
• Experience with Incident Response activities including: identification of suspicious activities or events; physically securing systems; evidence collection; and Chain-of-Custody protections.
• Complete familiarity with Office Automation tools such as: Remedy; Visio; SharePoint; Word; Excel; PowerPoint; and Project.
• Demonstrated excellent oral/written communications and client facing skills.
• Be familiar with or have used an ITIL based Change Management Process/System.
• Hands-on experience working with Vulnerability Scanning and Assessment tools is desired.
Intelligent Decisions - 7 months ago