Overview
Compensation information provided in the description
Full Time
Skills
High-level Design
Design Documentation
Project Lifecycle Management
Scientific Research
IT Service Management
Cloud Computing
Managed Services
Network
Writing
IT Security Assessment
Authorization
Information System Security
Security Analysis
Information Systems
Communications Security
GC
Mapping
Security Policy
Security QA
Evaluation
IT Security
Regulatory Compliance
System Security
Risk Assessment
Risk Management
Cyber Security
Security Clearance
Communication
Supervision
Healthcare Information Technology
Job Details
Our Federal Government client is looking for two security assessors that have a SECRET clearance. See below for details:
Top Skills' Details
1. 10 + years experience as a cyber security analyst or assessor creating & reviewing SA&A documents (security assessment plans, security assessment reports, and plan of action and milestones (PoA&M) reports)
2. 3+ years of experience with ITSG-33 and conducting assessments in PBMM environment
- IT security controls (ITSG-33) and applicable safeguards
- Assessment of security in High Level Design and Detail Design documentation and assessment of build books
- Assessment of security threats
- Assessment of mitigation strategies
- Assessment of residual risk
- Assessment of Integration Security Testing
- Assessment of Security in Information System Production Environment
- Assessment of Secure Development Environment
- Integration of Security throughout a project lifecycle
3. Experience performing SA&A's in cloud or hybrid-cloud environments
Description
The client is an organization that is at the front line of some mission critical applications to ensure the safety of Canadians, delivers significant policy advice to support economic prosperity; and delivering scientific research to properly deliver on both of these. With that in mind, the client is working to transform how IM/IT services are delivered within the organization.
The client is looking for two (2) security assessors to address the bottlenecks in the cyber risk management team of security assessments required. The Security Assessment and Authorization (SA&A) is a requirement from Communications Security Establishment (CSE) to allow only systems which are reliable and secure into production.
The SA&A process ensures that new applications, network services, cloud-based services and managed services have been reviewed for security risks and have appropriate security measures applied to them before being put into use on a production network, or before a service is enabled for processing sensitive departmental information.
It is imperative that all production systems maintain a valid Authority to Operate (ATO) by ensuring that their Security Assessment and Authorizations (SA&A) are up-to-date and have or will meet all of their conditions within the agreed timeframe.
Tasks:
- Attend meetings with the client's Technical Authority, delegates and clients to discuss security requirements and objectives
- Provide advice and guidance in meeting and discussion forums, verbally and in writing regarding IT security topics in order to conduct IT security assessment and authorization (SA&A) services.
- Provide SA&A services including the analysis of systems threats, vulnerabilities, existing security safeguards and the preparation of required IT security artifacts
- Apply IT security risk management processes to the client's IT solutions
- Assess IT solutions, applications and platforms for compliance
- Perform information system security implementation process (ISSIP) security activities and security assessment activities for the client's Protected and Classified information systems as identified in Communications Security Establishment Canada (CSEC) IT Security Risk Management: A Lifecycle Approach (ITSG-33) ;br>- Evaluate and recommend IT products and related IT security baseline configurations based on the Government of Canada (GC) and the client's policy and standards, including industry best practices
- Conduct certification activities; verify that security safeguards meet the applicable policies and standards, validate security requirements by mapping security policy to security requirements and through design documents, verify that security safeguards have been implemented correctly and that assurance requirement have been met.
- Review results of security testing and evaluation (ST&E) done by business IT team to determine if the technical safeguards are functioning correctly, Assess the residual risk provided by the risk assessment to determine if it meets an acceptable level of risk
- Review IT security artifacts provided by business IT team and prepare the SA&A packages
- Seek written approval (interim and other) for implemented IT systems to operate and process sensitive information if the risk of operating the system is deemed acceptable, and if the system is in compliance with applicable security policies and standards
- Conduct meetings and provide advice in meaningful ways intended to train and empower the employees to conduct system security reviews.
Skills
Risk assessment, Risk management, Cyber security
Additional Skills & Qualifications
- secret clearance
- strong communication skills and ability work autonomously with minimal supervision (smaller department, smaller team, they are looking for folks to hit the ground running)
- full-time availability (please note level of effort can vary)
Experience Level
Expert Level
Pay and Benefits
The pay range for this position is $780.00 - $780.00/hr.
Workplace Type
This is a fully remote position.
propos de TEKsystems et TEKsystems Global Services
Nous sommes un fournisseur de services aux entreprises et de technologies. Nous acclrons la transformation de nos clients. Notre comptence en stratgie, conception, excution et oprations libre la valeur de l'entreprise par un ventail de solutions. Nous sommes une quipe de 80 000 personnes qui collaborent avec plus de 60 000 clients, notamment 80 % du Fortune 500 en Amrique du Nord, Europe et Asie, qui collaborent avec nous dans le cadre de nos capacits full-stack et notre rythme. Nous sommes des penseurs stratgiques, des collaborateurs pratiques qui aident les clients exploiter le changement et matriser le dynamisme de la technologie. Nous btissons le futur en livrant les rsultats et en crant un impact positif dans nos communauts mondiales. TEKsystems et TEKsystems Global Services sont des entreprises d'Allegis Group. Dcouvrez d'autres informations TEKsystems.com.
About TEKsystems and TEKsystems Global Services
We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Top Skills' Details
1. 10 + years experience as a cyber security analyst or assessor creating & reviewing SA&A documents (security assessment plans, security assessment reports, and plan of action and milestones (PoA&M) reports)
2. 3+ years of experience with ITSG-33 and conducting assessments in PBMM environment
- IT security controls (ITSG-33) and applicable safeguards
- Assessment of security in High Level Design and Detail Design documentation and assessment of build books
- Assessment of security threats
- Assessment of mitigation strategies
- Assessment of residual risk
- Assessment of Integration Security Testing
- Assessment of Security in Information System Production Environment
- Assessment of Secure Development Environment
- Integration of Security throughout a project lifecycle
3. Experience performing SA&A's in cloud or hybrid-cloud environments
Description
The client is an organization that is at the front line of some mission critical applications to ensure the safety of Canadians, delivers significant policy advice to support economic prosperity; and delivering scientific research to properly deliver on both of these. With that in mind, the client is working to transform how IM/IT services are delivered within the organization.
The client is looking for two (2) security assessors to address the bottlenecks in the cyber risk management team of security assessments required. The Security Assessment and Authorization (SA&A) is a requirement from Communications Security Establishment (CSE) to allow only systems which are reliable and secure into production.
The SA&A process ensures that new applications, network services, cloud-based services and managed services have been reviewed for security risks and have appropriate security measures applied to them before being put into use on a production network, or before a service is enabled for processing sensitive departmental information.
It is imperative that all production systems maintain a valid Authority to Operate (ATO) by ensuring that their Security Assessment and Authorizations (SA&A) are up-to-date and have or will meet all of their conditions within the agreed timeframe.
Tasks:
- Attend meetings with the client's Technical Authority, delegates and clients to discuss security requirements and objectives
- Provide advice and guidance in meeting and discussion forums, verbally and in writing regarding IT security topics in order to conduct IT security assessment and authorization (SA&A) services.
- Provide SA&A services including the analysis of systems threats, vulnerabilities, existing security safeguards and the preparation of required IT security artifacts
- Apply IT security risk management processes to the client's IT solutions
- Assess IT solutions, applications and platforms for compliance
- Perform information system security implementation process (ISSIP) security activities and security assessment activities for the client's Protected and Classified information systems as identified in Communications Security Establishment Canada (CSEC) IT Security Risk Management: A Lifecycle Approach (ITSG-33) ;br>- Evaluate and recommend IT products and related IT security baseline configurations based on the Government of Canada (GC) and the client's policy and standards, including industry best practices
- Conduct certification activities; verify that security safeguards meet the applicable policies and standards, validate security requirements by mapping security policy to security requirements and through design documents, verify that security safeguards have been implemented correctly and that assurance requirement have been met.
- Review results of security testing and evaluation (ST&E) done by business IT team to determine if the technical safeguards are functioning correctly, Assess the residual risk provided by the risk assessment to determine if it meets an acceptable level of risk
- Review IT security artifacts provided by business IT team and prepare the SA&A packages
- Seek written approval (interim and other) for implemented IT systems to operate and process sensitive information if the risk of operating the system is deemed acceptable, and if the system is in compliance with applicable security policies and standards
- Conduct meetings and provide advice in meaningful ways intended to train and empower the employees to conduct system security reviews.
Skills
Risk assessment, Risk management, Cyber security
Additional Skills & Qualifications
- secret clearance
- strong communication skills and ability work autonomously with minimal supervision (smaller department, smaller team, they are looking for folks to hit the ground running)
- full-time availability (please note level of effort can vary)
Experience Level
Expert Level
Pay and Benefits
The pay range for this position is $780.00 - $780.00/hr.
Workplace Type
This is a fully remote position.
propos de TEKsystems et TEKsystems Global Services
Nous sommes un fournisseur de services aux entreprises et de technologies. Nous acclrons la transformation de nos clients. Notre comptence en stratgie, conception, excution et oprations libre la valeur de l'entreprise par un ventail de solutions. Nous sommes une quipe de 80 000 personnes qui collaborent avec plus de 60 000 clients, notamment 80 % du Fortune 500 en Amrique du Nord, Europe et Asie, qui collaborent avec nous dans le cadre de nos capacits full-stack et notre rythme. Nous sommes des penseurs stratgiques, des collaborateurs pratiques qui aident les clients exploiter le changement et matriser le dynamisme de la technologie. Nous btissons le futur en livrant les rsultats et en crant un impact positif dans nos communauts mondiales. TEKsystems et TEKsystems Global Services sont des entreprises d'Allegis Group. Dcouvrez d'autres informations TEKsystems.com.
About TEKsystems and TEKsystems Global Services
We're a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We're a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We're strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We're building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com.
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.