Job ID: 2191473
Job Title: Information Security Specialist
Job Location: Washington DC
Job Type: CTH
Job Duration: 6 months
Roles And Responsibilities:
The qualified applicant will be supporting the USPS Corporate Information Security Office (CISO) in the security certification & accreditation of Postal Service information resources.
Required Key Skills
Provide Information Technology Security Certification and Accreditation (C&A) guidance.
Facilitate initial briefings and subsequent meetings of the C&A core team.
Coordinate the completion of a Business Impact Assessment (BIA) per the guidelines of USPS Handbook AS-805 Information Security for each information resource.
Work with the Privacy Office on privacy-related requirements.
Recommend security requirements to executive sponsors and portfolio managers during the BIA process based on generally accepted industry practices, the operating environment [e.g., hosted in the de-militarized zone (DMZ)], and the risks associated with the information resource.
Provide guidance on how information resources are vulnerable to threats, what controls and countermeasures may be appropriate, and the C&A process.
Review and evaluate C&A documentation, including the BIA, Risk Assessment, Security Plan, Security Test and Evaluation (ST&E) plan and report, and independent reviews of the information resource.
Prepare the C&A Evaluation Report.
Escalate security concerns or forward the C&A Evaluation Report and supporting C&A documentation package to the certifier.
Work with the Information Systems Security Officer (ISSO) to complete C&A artifacts and send the other required artifacts (e.g., Technical Architecture Diagram (TAD) and security specifications for procurements) to the ISSO.
To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:
Bachelor's degree in Information Technology or similar engineering discipline or an equivalent combination of education and training that provides the required knowledge, skills, and abilities to perform the roles and responsibilities.
Knowledge of one or more of the following NIST Special Publications: 800-12, 800-14, 800-18, 800-30, 800-34, 800-37, 800-39, 800-53, 800-53A, 800-61, 800-64, 800-95, 800-100, 800-122
Knowledge of FIPS Publication 199
Must be able to obtain a Position of Public Trust Designation
Desired Key Skills
Direct experience with any of the following Certification and Accreditation (C&A) programs/processes:
National Information Assurance Certification and Accreditation Process (NIACAP)
Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP)
Systems Security Certification and Accreditation (C&A) within the Defense Logistics Agency (DLA) for Defense-in-Depth
Certification and Accreditation Process for Certifiers—Defense Information Systems Agency (DISA)
Knowledge of one or more of the following NIST Special Publications: 800-13, 800-21, 800-25, 800-28, 800-32, 800-40, 800-41, 800-44, 800-45, 800-46, 800-47, 800-48, 800-51, 800-57, 800-60, 800-63, 800-88, 800-92, 800-94, 800-111, 800-114, 800-115, 800-121, and 800-123
Knowledge of one or more of the following FIPS Publications: 180-3, 186-2, 190, 196, 197, and 198
One or more of the following credentials:
a) Certified Information Systems Security Professional (CISSP)
b) Certified Authorization Professional (CAP)
c) Certified Secure Software Lifecycle Professional (CSSLP)