The Information System Security Officer/Security Analyst will use Federal Certification and Accreditation (C&A) processes to research, verify and document information security controls in order for the "systems" to be accredited.
- Communicate and enforce security policies, procedures and safeguards for all systems and staff, based upon NIST.
- Analyze and advise on the risk and remediation of security issues based on reports from vulnerability assessment scanners, patch management tools, and emerging threat information.
- Initiate, coordinate and track the patching and remediation of security weaknesses as they are discovered, via a "Plan of Actions and Milestones" (POAM).
- Report on security status and security incidents.
- Conduct Security Authorization document reviews.
- Create and compile Authorization packages to include: Designation Letters, Security Plans, Contingency Plans, SOPs.
- Conduct meetings with Government leadership and brief them on the State of Security for the systems in their purview.
- Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system.
- Assist in maintaining all configurations, architecture, installed software, accounts, data flows, ports, protocols, and other relevant data for each IT System and capture in design documents.
- Work with auditors to identify Key Controls which must be assessed on a recurring annual basis.
- Work closely with the vulnerability management team to solve POAMs.
- U.S. citizenship required.
- BA/BS or higher preferred, in Computer Science, Information Systems, Software Engineering or other related analytical, scientific, or technical disciplines.
- Prior work experience in IT security, including Certification and Accreditation and/or IT security risk analysis/advice, preferably in support of the Federal government.
- Knowledge of Federal government C&A practices and policies, particularly FISMA and NIST SP 800-53.
- Experience with information assurance tools preferred.
- Ability to work independently and to collaborate closely with application developers, engineers and others.
- Must be self-motivated and results-oriented.
- Effective written and oral communication skills.
- Previous experience in or working for the government a plus.
- Working knowledge of Ongoing Authorization within the NIST Framework.