US Citizens & US Perm Residents/Green Cards only
Must be able to pass federal background check & obtain Public Trust clearance
Must have experience drafting government accreditation documentation
Must have Tenable Nessus experience
Under general direction, the successful candidate will be responsible for performing Information Technology Security Services including Project Management, Security Assessment and Authorization (SA&A) support, Vulnerability Management, and Continuous Diagnostics and Mitigations (CDM) support.
Security Assessment and Authorization (SA&A) Specific Duties and Responsibilities:
- Strong analytical, task management, time management, and communication skills necessary for handling SA&A initiatives, tasks and deadlines impacting the agency environment. Ability to research, analyze, correlate and present agency SA&A data from the agency SA&A tools.
- Ability to leverage and build upon existing agency ATO data stored in the agency specific tool to accommodate evolution in accordance with the latest guidance provided by NIST and/or the agency’s Information Security Program
- Works closely with the agency’s ISSO to perform and assist with the execution of regularly scheduled SA&A activities or the development of associated documentation.
- Works, collaborates, supports and assists other agency staff (internal system owners, developers, engineers and administrators) or external contractor staff (contractor-hosted systems) with the development of their SA&A package documentation and review and revise said documentation for accuracy and quality. Conducting interviews, site walk-throughs, and assessment of security as required. Documentation activities include, but are not limited to: updates to system operation manuals, updates to system inventory lists, evaluation of system status using the agency’s vulnerability management tools, updates to SOPs, creation of forms to support SOPs, etc.
- Ensures all packages are uploaded to the agency system within the agency specific deadlines and timeframe. Works and collaborates with the agency’s Information Security Program as they review the agency SA&A packages. Work with the agency staff or external contractor staff to revise documentation, as needed.
- Reviews monthly vulnerability reports provided by external contractor staff for the agency contractor-hosted systems. Works with the contractor staff by monitoring the remediation of critical, high and medium findings within the agreed-upon timeframe.
- Effective technical writing skills. Experience writing including, but not limited to: Contingency Plans, Security Plans, Privacy Impact Assessments, Security Test and Evaluation/Security Control Assessment Plans and report, POA&Ms and analysis and preparation of implementation strategies for new initiatives as introduced by the agency’s Information Security Program.
Vulnerability Management Specific Duties and Responsibilities:
- Strong analytical, task management, time management, and communication skills necessary for handling Vulnerability Management initiatives, tasks and deadlines impacting the agency’s environment. Ability to research, analyze, correlate and present agency vulnerability data from a variety of agency-hosted tools including the analysis of multilevel security risks and problems and compensating controls to the agency’s IT management and staff.
- Works and collaborates with developers, engineers, administrators and Service Desk technicians to implement security controls necessary to ensure confidentiality, integrity, and availability of information and compliance with agency’s configuration management standards across Linux, Macintosh, and Windows systems.
- Ability to collaborate proactively with developers, system owners, system administrators and IT management (both internal and external) in researching vulnerabilities, communicating the details to these partners and IT management, developing action plans, following up and closing out all vulnerabilities by the required agency target or mandated deadlines.
- Demonstrate the ability to design, configure, engineer, integrate, and implement system security solutions that will provide configuration management for multiple operating systems and applications. Work with IT staff to be creative when it becomes necessary to tailor configurations and create/document baseline or custom configurations.
- Effective technical writing skills. Experience writing SOPs, POA&Ms, policy, mandates, guidance, change management request, business cases, security incident reports, risk waivers, remediation action plans and SA&A-required documentation as necessary.
Essential Generic Duties and Responsibilities:
- Works closely with the ISSO to respond to agency’s Information Security data calls, inquiries and surveys. Provides proactive communications to agency IT Management or Information Security Program regarding status, issues or questions.
- Participates in and provides notes (if needed) regarding agency OCIO and Security meetings, workgroups, or training events as applicable.
- Communicates and collaborates regularly with the agency ISSO to provide progress and update reports includes managing and overseeing all activities performed or lead by the contractor.
- Experience working in IT operations, system administration, applications development, change and configuration management including, but not limited to asset tracking, backup technologies, and other maintenance procedures.
Must Have Qualifications:
- MS Office (Excel, Word, Powerpoint)
- Knowledge of and experience with Tenable Nessus
- Security Certification: CISSP or equivalent
- Minimum Education: B.A. or B.S. degree in related discipline or equivalent experience
- Minimum Years of Experience: 8+ years in overall technical IT experience
- Have or must be able to obtain Public Trust Clearance
- Ability to pass a federal government background investigation
- Experience documenting technical requirements
- Must have strong written and verbal communication skills
- Strong IT Management skills
- Proficient at multi-tasking and proactive in work responsibilities
- Superior attention to detail
- Passion for providing great customer service
- Knowledge of and experience with the follows:
- MS Project
- Patch Management Tools (e.g. Altiris, JAMF, LANRev, WSUS)
- Anti-Virus tools (i.e. Cylance)
- Carbon Black/FireEye
- Knowledge of and experience with AWS, Microsoft, or Google Cloud with certifications.
- US Citizenship
- Solid understanding of Linux and Windows operating system
- Familiarity with cloud architecture best practices, infrastructure optimization, security best practices
- Must be able to see opportunities for improvement, take ownership and closely work with various stakeholders.
- Willingness to work on a customer site in the DC Metro Area full or part time preferred