4077 : IT Security Specialist
Job location: Silver Spring, MD
Description
The IT Security Specialist supports a team of security experts and the ISSO / Federal customer with A&A functions and general IT Security support related to Federal Government compliance, continuous monitoring, and risk assessment.
Duties
The specialist will be responsible for assisting the system ISSO with A&A functions, security solution development, continuous monitoring, and FISMA assessments for a local Federal Civilian Agency. Duties include assisting with and/or performing any or all of the following:
- Conduct Assessment and Accreditation (A&A), perform all continuous monitoring functions, and assist in maintaining the system's Authorization to Operate (ATO).
- Oversee and develop POA&Ms as part of the Assessment and Accreditation process.
- Audit compliance of security plans based on the National Institute of Standards and Technology (NIST) Security Publications.
- Audit and provide guidance on the security program, including Governance (A&A, Continuous Monitoring, FISMA, NIST, DOC and NOAA policies and procedures).
- Use risk management techniques to develop and complete risk assessments based on NIST standards to ensure IA design sufficiently mitigates IA risk.
- Conduct security tests and evaluations based on NIST 800-53/53A.
- Prepare and analyze reports for Security Program as well as Governance.
- Conduct vulnerability assessments.
- Use proficient, clear and concise written and verbal English communication skills to interact with clients. Additionally, must be able to communicate with individuals at various levels of expertise in the subject areas of concern.
- 1-2 years of experience related to FISMA and IT Security and at least 4-6 years of IT support such as system and/or network administration, DBA, and/or programming.
- Must be proficient with all common operating systems and network technologies (Windows, UNIX, Linux, Cisco IOS) and common security tools and scanners such as Tenable Nessus; must have experience preparing NIST-based Assessment and Authorization documentation packages, be able to analyze and evaluate system scan results and data from a security and risk perspective, and provide effective mitigation recommendations.
- Must have knowledge of the NIST 800 series publications, FIPS 199, FIPS 200, and the NIST Risk Management Framework (RMF).
- Must have the ability to work independently under aggressive timelines, and must be an efficient, positive, results-driven, problem-solving team player.
- Must have good verbal and written communication skills, including briefing skills.
- Must be able to pass a full background investigation and obtain a security badge to enter the applicable government facility.
- Less than 25% travel may be required.
Education
BS in Computer Science, Computer Security, Cyber Security, Information Technology, Software Engineering, or other related discipline preferred.
Applicants must have one of the following certifications:
- CompTIA A+
- CompTIA Network+
- CompTIA Security+
- GIAC Certified Incident Handler (GCIH)
- GIAC Security Essentials Certification (GSEC)
- GIAC Security Expert (GSE)
- GIAC Information Security Professional (GISP)
- GIAC Security Leadership Certification (GSLC)
- ISC2 Certified Authorization Professional (CAP)
- ISC2 System Security Certified Practitioner (SSCP)
- ISC2 Certified Information System Security Professional (CISSP)
- ISC2 Certified Information System Security Associate (CISSA)
- ISACA Certified Information System Manager (CISM)
The following certifications are a plus:
- Certified Information Systems Auditor (CISA)
- GIAC Systems and Network Auditor (GSNA)
- Electronic Commerce Council Certified Ethical Hacker (CEH)