The Cybersecurity Specialist will be a member of a team that will be responsible for ensuring all information systems are assessed and authorized in the required timeframe according to the agency's standards. The candidate will be required to produce high quality SA&A system documents and artifacts.
Skills and Responsibilities of the Mid-level Security Specialist:
• Educational and/or work experience relevant to performing security assessments that evaluate policy, procedures or security controls, as required by Office of Management and Budget mandates, Presidential directives, Federal Information Security Management Act (FISMA) requirements, National Institute of Standards and Technology (NIST) publications, and Federal Information Processing Standards (FIPS).
• Educational and/or work experience developing policies, procedures and guidelines of federal organizations and systems in support of an assessment and authorization.
• Educational and/or work experience maintaining and using Governance, Risk Management, and Compliance (GRC) software, such as Cyber Security Assessment and Management (CSAM) or the Archer GRC tool, is desired. This includes recommending and documenting the process, tailoring to provide assessments that are appropriate to the system type (major or minor), security impact, maximizing use of common controls, standardization, and other methods to efficiently implement an organization's assessment and authorization process.
• Educational and/or work knowledge with conducting and documenting System Test and Evaluations (ST&E) and Plan of Action and Milestones (POA&Ms) resulting from testing.
• Educational and/or work experience conducting assessments and authorizations which includes performing FIPS 199 security categorizations, security control analysis, risk assessments, developing security assessment reports (SAR) and other supporting documentation.
• Educational and/or work experience performing security requirements analysis on technologies and systems to ensure compliance with NIST.
• Educational and/or work experience evaluating contingency plans, configuration management plans, privacy threshold and impact analyses, security configuration checklists, and interconnection security agreements for compliance with NIST.
• Work experience in implementing a robust, near-real-time continuous monitoring program utilizing a NIST SP 800-137 compliant Information System Continuous Monitoring (ISCM) strategy and plan.
• Experience with Splunk Enterprise Security Information and Event Manager (SIEM) tool or similar product is desired.
They shall have experience leading other engineers performing similar work. They must demonstrate effective communication skills with customers, peers and subordinates.
They will be responsible for weekly and monthly reporting activities. This person should be familiar with different reporting and writing tools such as, but not limited to, Word, Excel, SharePoint, Visio and Project.
Security Clearance: Public Trust - Moderate Risk
Certifications: Security+, Certified Authorization Professional (CAP) and/or Certified Information System Security Professional (CISSP) preferred.
TDI was founded in 2001 to pursue Cyber Security as its core competency. Since inception, TDI has led or participated in more than 100 separate information security tasks in the government and commercial areas around the world. TDI has outstanding credentials in its core capabilities of penetration testing, program management, information security, C&A, FISMA compliance, and all areas of cyber security engineering. We pursue the latest developments in information security through active lecturing at international information security conferences, publishing information security articles, and working on the cutting edge of information security development programs.
"We provide our clients the peace of mind that their business is running in a safe and secure environment. We do this by delivering high-quality, innovative information assurance and cyber security services and solutions."
"TDI will be an acknowledged global leader in information assurance and cyber security by delivering outstanding service and superior outcomes for our customers."
Employees are our primary source of strength
Employees should enjoy their work, feel part of the company, and share in its profits
Our clients deserve the top talent in Information Assurance
Total access to senior management and openness with each other is a cornerstone to our success
Our work environment promotes and rewards employee initiative
A flexible organization is always open to new ideas and solutions
Our well managed growth preserves our culture
We have a responsibility to contribute meaningfully to the field of Information Assurance, influence its growth, and set the standard.
Sun, 2 Apr 2017 14:34:00 PDT