Tuesday, September 15, 2009

C & A Analyst - Washington DC

Principal Duties and Responsibilities:

 

  • Develop, update, and maintain appropriate Certification & Accreditation packages based on NIST standards for general support systems and major applications
  • Recommend appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major application
  • Develop and maintain POA&M for all accepted risks upon completion of system C&A.
  • Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the system certification guidelines and procedures 
  • Able to provide support and guidance through the POA&M remediation process, C&A progress, including compliance monitoring of C&A artifacts, annual self-assessments (NIST 800-53), vulnerability scans.
  • Awareness of current information security issues and the ability to interpret the requirements of relevant policies and standards set forth in NIST documentation, specifically, 800-37, 800-53, FIPS-199/200, and 800-30.
  • Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with information technology security.
  • Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develop, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.

General Skills:

  • Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network or other event affecting security.
  • Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords.
  • Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines; develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
  • Performs complex product evaluations, recommends and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
  • Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.
  • Provides complex technical oversight and enforcement of security directives, orders, standards, plans and procedures at server sites. Ensures system support personnel receive/maintain security awareness and training.
  • Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Other Skills/Qualifications (preferred/pluses):

  • Possess security certifications (CISSP, CISM, etc.)
  • Good communication skills
  • Strong analytical and problem solving skills to troubleshoot and resolve network/operating system security issues
  • Ability to perform and interpret vulnerability assessments
  • Ability to administer the operations of a security infrastructure
  • Ability to balance and prioritize work

    Qualifications

    Basic Qualifications
  • Bachelor's degree or equivalent combination of education and experience
  • Three or more years of experience in network, host, data and/or application security in multiple operating system environments
  • Demonstrate experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
  • Demonstrated Experience working with internet, web, application and network security techniques and working with relevant operating system security (Windows, Solaris, Linux, etc.)
  • Proven experience working with leading firewall, network scanning and intrusion detection products and authentication technologies
  • Demonstrated experience working with federal regulations related to information security (FISMA, Computer security Act, etc.) and with NIST Special Publications and C & A process methodology