The FISMA Assessor will be assigned (8) systems in order to ensure the implementation and effectiveness of security controls in accordance with customer's IT Security Policy and Procedures. The FISMA Assessor role is to maximize assurances that protective measures are in place and operating effectively to counter any identified IT security threats to confidentiality, integrity and availability. For these systems, approximately 15-20 servers (Windows, LINUX, and SOLARIS) have been identified for operational IT Security support.
General Areas of Assessor Responsibilities:
• Works with the Systems central point of contact for IT security reviews in order to help optimize security for the systems with the designated system boundaries.
• Provides supports to help the FISMA POC ensure that the customer's requirement for IT security are being or will be met
• Help system POCs maintain an accurate list of each system's hardware and software which is identified in System Security Plans and Contingency/Disaster Recovery Plans.
• Helps the system POCs update System Security Plans and document evidence of NIST SP 800-53 Rev 3/4 internal controls for security.
• Provide support and assistance to optimize the Configuration Management for Systems based on Published Baselines. Provides support for configuration management compliance reviews and patch management updates and status reporting, etc.
• Work closely with the System POCs and Database Administrators to review and remediate any critical/high impact vulnerabilities scan results, including support to reduce Operating Systems, Web Interfaces, Databases, and Application operational vulnerabilities. Experience using Foundstone or Nessus and OWASP web application scanner is required.
• Coordinating the update and/or development of a Contingency / Disaster Recovery Plans and ensuring that the plan is annually tested and accurately maintained. Participate in CP/DRP Training and Testing.
• Update System Test Plans and Evaluations (ST&E) for Annual Control Testing. Document the summary results in Security Assessment Reports (SAR).
• Ensures that requests for FISMA Assessment and Authorizations are completed in a timely manner accordance with the customer's methodology and schedule.
• Work with IT system sponsors to document security weaknesses in Plans of Action and Milestones (POAMs), as well as to initiate and support and provide quarterly report on corrective action.
• Reporting any suspected or confirmed security incidents in accordance with established procedures. Facilitate Incident Response Training with Systems personnel.
• Update Risk Assessments (RA) to address any new or emerging threats or risks. Ensures risk management reviews are completed with System Sponsors.
• Works closely with systems staff to help to ensure log files & alerts are reviewed at least on a monthly basis, and that quarterly reports are provided to customer.
• Coordinate with the system sponsors to ensure that operations meet customer's Security Policies, including support to identify and develop Interconnect Security Agreements (ISA).
This position requires detailed knowledge and experience with the above activities as well as:
• Expert knowledge of FISMA requirements and NIST Special Publications
• Experience assessing and managing security controls for federal IT systems
• Expert knowledge of IT security best practices and current security threats
• Broad knowledge of IT technologies and operations
• Ability to develop good working relationships with customers, colleagues, and other stakeholders.
• Good verbal and written communication skills
• Ability to handle and prioritize multiple simultaneous systems, projects, and other assignments.
• Experience leading tabletop and functional tests as well as training exercises
Herndon, VA with travel to Washington DC
BS degree in Computer Science, Information Systems, Engineering, or related field preferred. Commensurate work experience considered.
Industry certification, e.g. CISSP is highly desirable.
U.S. Citizenship required
None, but a background investigation will be required
TDI was founded in 2001 to pursue Cyber Security as its core competency. Since inception, TDI has led or participated in more than 100 separate information security tasks in the government and commercial areas around the world. TDI has outstanding credentials in its core capabilities of penetration testing, program management, information security, C&A, FISMA compliance, and all areas of cyber security engineering. We pursue the latest developments in information security through active lecturing at international information security conferences, publishing information security articles, and working on the cutting edge of information security development programs.
"We provide our clients the peace of mind that their business is running in a safe and secure environment. We do this by delivering high-quality, innovative information assurance and cyber security services and solutions."
"TDI will be an acknowledged global leader in information assurance and cyber security by delivering outstanding service and superior outcomes for our customers."
Employees are our primary source of strength
Employees should enjoy their work, feel part of the company, and share in its profits
Our clients deserve the top talent in Information Assurance
Total access to senior management and openness with each other is a cornerstone to our success
Our work environment promotes and rewards employee initiative
A flexible organization is always open to new ideas and solutions
Our well managed growth preserves our culture
We have a responsibility to contribute meaningfully to the field of Information Assurance, influence its growth, and set the standard.
Fri, 21 Apr 2017 11:30:21 PDT