Travel: New Mexico
Clearable
- Develop and execute a Certification & Accreditation program within a major Government Agency. Must possess experience with NIST or DITSCAP standards. Requires 5 years of related security experience with a BS degree. If candidate does not possess a degree then he/she must possess 9 years of experience. It is preferred that this person be a current Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar security professional certification.
Principal Duties and Responsibilities:
**Develop, update, and maintain appropriate Certification & Accreditation packages based on NIST standards for general support systems and major applications
**Recommend appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major application
**Develop and maintain POA&M for all accepted risks upon completion of system C&A.
**Assist the government with developing a network of public and private sector organizations capable of providing cost effective, quality, system and network security assessment and certification based on unified federal guidelines and procedures
**Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the system certification guidelines and procedures - Able to provide support and guidance to ISSO/SO's through the POA&M remediation process, Certification & Accreditation (C&A) progress, including compliance monitoring of C&A artifacts, annual self-assessments (NIST 800-53), vulnerability scans.
- Able to assist with many other ISSO responsibilities including documentation, policy compliance, and CM review, as well as user training.
- Working knowledge of the Trusted Agent FISMA Tool (TAFT) and the Risk Management System (RMS).
- Awareness of current information security issues and the ability to interpret the requirements of relevant policies and standards set forth in NIST documentation, specifically, 800-37, 800-53, FIPS-199/200, and 800-30.
- Working knowledge of Microsoft Office Suite (to include Excel, Word, and Powerpoint).
- Ability to work effectively in a team management environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.
- Assist in ongoing training efforts for TAFT, RMS, FISMA and related IT Security mandates which may include developing and presenting briefings given to an audience of other IT professionals.
- Participates in the development and maintenance of reports which serve to monitor and track multiple FISMA related metrics.
- Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with information technology security.
- Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develops, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.
General Skills:
- Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network or other event affecting security.
- Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords.
- Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines. Develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
- Performs complex product evaluations, recommends and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
- Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.
- Provides complex technical oversight and enforcement of security directives, orders, standards, plans and procedures at server sites. Ensures system support personnel receive/maintain security awareness and training.
- Assesses the impact on the business unit/customer caused by theft, destruction, alteration or denial of access to information and reports to senior management.
- Provides leadership and work guidance to less experienced personnel.
- Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
Other Skills/Qualifications (preferred/pluses):
- Possess security certifications (CISSP, CCNA, etc) and/or top secret security clearance
- Good communication skills
- Strong analytical and problem solving skills to troubleshoot and resolve network/operating system security issues
- Ability to perform and interpret vulnerability assessments
- Ability to administer the operations of a security infrastructure
- Ability to balance and prioritize work
Qualifications
Basic Qualifications
- Bachelor's degree or equivalent combination of education and experience
- Seven or more years of experience in network, host, data and/or application security in multiple operating system environments
- Demonstrate experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
- Demonstrated Experience working with internet, web, application and network security techniques and working with relevant operating system security (Windows, Solaris, Linux, etc.)
- Proven experience working with leading firewall, network scanning and intrusion detection products and authentication technologies
- Demonstrated experience working with federal regulations related to information security (FISMA, Computer security Act, etc.) and with NIST Special Publications and C & A process methodology
