Calling all FISMA addicts looking to do some A&A work (i.e., the new C&A). We know the boss and he’s pretty great to work for especially if you are looking to take your FISMA skillz to the next level… Yeah, maybe the future will be brighter as soon as “continuous monitoring” takes hold but until then we imagine this position is mostly paper shuffling. Still, it looks like a great way to step back and see the big picture. If you have any questions, feel free to reach out to the manager.
And don’t forget … if your organization is interested in posting their career opportunities here, head on over to our Job Board page for all the details. Well anyway … on to the job post.
Senior IT Security Analyst
Silver Spring, MD
Will serve as a team member functioning as the Certification Agent for a local Federal Civilian Agency. Develop security package documentation related to NIST compliant FISMA system assessments as part of the accreditation audit process. Perform a variety of tasks relating to hands on security control testing, continuous monitoring, system analysis, architecture and mitigation recommendations, and conduct evaluations of documentation as it relates to each IT system and its configuration.
Must have a strong background in meeting FISMA compliance using the Risk Management Framework (RMF). Duties will include all audit functions tied to the Certification Agent role, including: develop and/or maintain system Assessment and Authorization (A&A) documentation, FIPS 199 and 200 analysis, SSP compliance audits, vulnerability and risk assessments, certification test plans and security test cases and evaluations and ITSO and AO briefings.
- Conduct Assessment and Accreditation (A&A) and perform all continuous monitoring functions and assist in maintaining Systems Authorization to Operate (ATO).
- Oversight and development of POA&Ms as part of the Assessment and Accreditation.
- Audit compliance of security plans based on the National Institute of Standards and Technology (NIST) Security Publications.
- Audit and provide guidance on the security program that includes Governance (A&A, Continuous Monitoring, FISMA, NIST, DOC and NOAA policies and procedures).
- Use risk management techniques to develop and complete risk assessments based on NIST standards to ensure IA design sufficiently mitigates IA risk.
- Develop and conduct security tests and evaluations based on NIST 800-53/53A.
- Prepare and analyze reports for Security Program as well as Governance.
- Prepare certification analysis and reports and provide certification recommendations to the client.
- Provide impact analysis on local Federal Civilian Agency with regard to updates and version changes on NIST 800-53A, SP800-18, SP800-30 and FISMA notices and changes as required.
- Utilize proficient, clear and concise English written and verbal communication skills in order to effectively interact with clients. Additionally, must be able to communicate with individuals at various levels of expertise in subject areas of concern.
- 3 – 5 years of experience in IT Security
- 2 – 3 years of demonstrated work experience related to FISMA preferred
- 3 – 5 years of IT Support and/or System Administration
- CEH, CISA, CISSP or other IT security certification preferred.
- Ability to work in independent environments under aggressive timelines
- Working knowledge of the NIST 800 series publications governing the FISMA Act.
- Familiarity with Assessment and Accreditation documentation/packages
- Must be proficient with all common operating systems (Windows, UNIX, Linux, Cisco IOS).
- Must be proficient with common security tools and scanners.
- Must be able to write NIST based Assessment and Accreditation documents.
- Must be able to analyze and evaluate system scan results and data from a security and risk perspective and provide effective mitigations.
- Must have good communication and writing skills and be an efficient, positive, results-driven, problem-solving team player.
Must be able to pass a full background investigation and obtain a security badge to enter the applicable government facility.
Bachelor’s Degree in Computer Science, Software Engineering, or other related discipline preferred.
ERT integrates full-spectrum science and technology solutions for Federal and State Government organizations tackling demanding projects in information technology, engineering, earth and space sciences, and environmental science. We are a Small Business company that is responsive and agile, placing high value on effective customer service and technical excellence. Our cost, management and technical performance scores are consistently in the excellent range.
Follow-Up Contact Information
For additional information and to apply, head on over to its requisition.