
- Oficina en Herndon
What Your Day-To-Day Looks Like (Position Responsibilities):
- Understand/document information system specifications and security controls, including logical and physical diagrams, connectivity, communication, and data flow diagrams, both internal and external to the system
- Advise stakeholders on multiple courses of action in an environment with changing unconfirmed policy, e.g., NIST RMF and DISA SRG
- Document multiple courses of action and identify risk mitigation recommendations in accordance with FedRAMP requirements, SAP NS2 policy, procedures, and best practices, with associated benefits/drawbacks to each
- Apply enterprise security frameworks and capabilities, such as FISMA, NIST SP 800, etc. towards existing initiatives such as cloud environments
- Develop/update policies and procedures to implement FedRAMP compliance as well as compliant with NIST 800-171 security requirements and other DFAR clauses
- Understand enterprise operating environments, including security posture, application environment, and associated security controls
- Demonstrate familiarity with current FedRAMP, DOD and NIST Security controls and technologies, including vulnerability management capabilities
- Identify and assess Cloud System state, including vulnerabilities, RMF package stataccreditation model, PPS compliance, and patching/CSVA mechanisms
What You Need to Succeed (Minimum Requirements):
- Bachelors degree in Computer Information Systems or Math/Sciences
- Demonstrated knowledge and the ability to analyze systems for Cybersecurity compliance
- Ability to work in fast-paced, team-oriented environment
- Knowledge of various security scanning tools (Such as NESSUS, Splunk or Application scanning)
- Knowledge of Federal and DoD policies and risk assessment methodologies, including FedRAMP
- Experience in writing or executing system security documentation, authorization to operate packages, POA&Ms, and policies
- Experience in reviewing/editing/writing technical documents
- Presentation And Public Speaking Skills Required
- Knowledge of DISA STIGs and SRGs, Committee for National Security Systems Instructions and NIST Risk Management Framework
- Knowledge and understanding of systems and networking technologies and concepts
- Ability to interpret and assess network diagrams and drawings using Visio
- Familiarity with Testing, Development, Staging, and pre-production environment requiring cyber security support
- Knowledge of Privacy Act
Solicitar ahora