Senior Information Assurance and Cyber Security Analyst
ASJ IT Services, LLC has an immediate position available supporting a Federal client's Information Security Program. The Senior IA/Cyber Security Analyst will be responsible for refining and implementing a Federal Agency's System Security Program. ASJ IT Services, LLC is seeking a senior candidate who has experience providing Federal Information System Management Act (FISMA) support to Federal Agencies and contributing to the technical direction of a team of analysts.
The candidate should have a good IT foundation and deep experience with understanding the implementation of cyber security controls in the Federal space. The candidate must have excellent verbal and written communication skills to draft agency-wide policies and procedures. The candidate must be able to synergize and explain risks in a manner that can translate to all levels of professionals within the CIO office, including technical engineers and C-suite decision makers.
Must work in Washington DC or Reston area on client site for 5 hours, 2 to 3 days a week, near metro.
No 3rd parties. No relocation.
- Developing policies, processes and procedures for a Strategic Security Plan/Program
- Developing, reviewing and updating System Security Plans (SSPs) in accordance with Federal laws, standards, and guidance; industry best practices; and the results of Agency assessments, testing results, audits, reviews or continuous monitoring results
- Maintaining the Security Control Matrix (SCM) in accordance with NIST standards
- Developing security assessment plans for systems, including the objectives, scope, schedule, required documentation, possible risks, and other logistical items for security assessments
- Performing security risk assessments and documenting results
- Coordinating access to systems and approvals for scanning activities
- Conducting ad hoc testing on an as-needed basis to assist with development activities or vulnerability remediation
- Reviewing system security controls (managerial, operational, and technical) to determine adequacy against federal requirements (e.g., National Institute of Standards and Technology (NIST) SP 800-53 and 800-53A) and mission context
- Documenting plans of action and milestones (POAMs) for corrective action following assessment activities and in response to identified vulnerabilities
- Experience with CSAM for POAM management
- Draft security policies and procedures including the system security plan, and agency specific policies in accordance with NIST requirements
- Conduct risk assessments to quantify impacts of vulnerabilities or decisions to the federal government
- Maintaining configuration baseline documents
- Assisting with the system categorization of applications and/or systems according to NIST guidelines
- Supporting annual Authorization and Accreditation reviews for ATOs
- Supporting the documentation required for ISO and IO documentation as well as System of Record Notices (SORNs) and Privacy Impact Assessments (PIA) reviews
- Understanding the Risk Management Framework (RMF) and assessing system risks
- Developing and maintaining Incident Response and Contingency Plans as well as COOP exercises
- Implementing and Supporting a Continuous Monitoring Plan
- Plan, develop and implement an incident response and audit program, to include automated tools including Splunk
- Plan, conduct, support and assess system vulnerability scans and assessments, respond to incidents and document findings
- US Citizenship
- BS in Engineering, Computer Science or related Science degree
- Certified Information Systems Security Professional (CISSP)
- Experience with DOJ's CSAM tool and Splunk
- Minimum of 7 years managing and conducting A&A engagements
- 5 years' experience in information security fundamentals/principles
- National Institute of Standards and Technology (NIST SP 800-53 and 800-53A)
- Federal Information System Management Act: 5 years
Job Type: Part-time / Short Duration Project
Local candidates only:
- Washington, DC
- Reston, VA (Near Tysons Corner)
ASJ IT Services, LLC (ASJ ITS), is a start-up company founded by President/CEO, Arizone Hollins Brown, VP/CFO, John Steele and VP/COO, James Jackson. ASJ ITS provides exceptional management of Information Technology and Information Systems Services. These services are based on over 75 years of combined proven experience and knowledge of the Federal acquisition regulatory process and our ability to build effective teams that bring tremendous value to the customer. ASJ ITS has certified expertise in Information Technology, Information Systems, Project Management, Program Management and Logistics Management Services.
ASJ-IT Services, a private corporation established in the Commonwealth of Virginia, is an Equal Employment Opportunity and Affirmative Action employer. This commitment affirms ASJ-IT Services' policy to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local law.
Thu, 16 Mar 2017 11:14:42 PDT