Kforce has a client seeking a Senior Information Assurance Analyst in Manassas, VA.
This position is to support the implementation of the Risk Management Framework (NIST, DoD, and IC RMF) for Commercial, Department of Defense, Federal Civilian, and Intelligence Community customers. The desired candidate should have extensive experience assessing security and privacy controls in information systems in compliance with NIST 800-53A.
* Conducting comprehensive assessments of information systems in compliance with NIST SP 800-53A
* Developing documentation (Security categorization, authorization boundary definition documents, security plans, contingency plans, security assessment reports, risk assessments, POA&Ms, etc.)
* Ensuring that the current revision of NIST SP 800-53 security requirements are addressed during all phases of the system life cycle
* Reviewing vulnerability management information related to GSS/Enclaves and Major Applications including but not limited to: DISA STIGs and SRGs, FDCC/USGCB, NVD/SCAP, Retina/ACAS scans, Vulnerability Management data, HBSS reports, reviewing and interpreting IAVMs, POA&Ms and other continuous monitoring data
* Providing innovative and creative input to shape the System Authorizations/A&A/Information Assurance/Cyber Security portfolio of services and achieve operational efficiency and competency objectives
* Utilizing subject matter expertise to lead or conduct security and risk assessments to ensure compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4 security controls
* Analyzing enterprise security architectures and making recommendations for security design and requirements that are compliant with applicable Security Technical Implementation Guides (STIGs) and other security standards
* Bachelor's degree in related field (may substitute 5-10 years of experience in lieu of degree)
* The candidate must have experience in supporting customers in their implementation of RMF and, preferably, in their transition from Department of Defense (DoD) Information Assurance Certification and Accreditation Process (DIACAP) to RMF
* Must have functioned as a security assessor conducting information system security assessments in compliance with RMF initiatives
* Experience in implementing security configuration management for a wide variety of operating systems (e.g., Windows, Linux/UNIX, and Mac)
* Experience in implementing security in virtualized environments (VMware, Microsoft)
* Must be able to coordinate A&A efforts and participate and/or lead collaboration meetings with stakeholders operating in disparate locales and time zones
* Functional/Operational experience with TCP/IP suite of protocols
* Functional/Operational experience evaluating and mitigating vulnerabilities
* Familiarity and experience with NVD/FDCC/National Checklist and/or DISA STIG/SRG implementation and mitigation
* Familiarity with RMF related policies, directives and instructions
* Familiarity with NIST Special Publications 800-37/800-53/800-53A and CNSS Instruction 1253
* Must be able to communicate with clients effectively and, at times, explain processes and procedures in layman's terms
* Demonstrated experience in network/internetworking designing, engineering, and sustainment of computer networks ranging from small local area networks (LAN) to enterprise infrastructures to include wireless technologies and topologies
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.