Vacancy expired!
Job Description
The Senior Information Systems Security Analyst is a “hands-on” position responsible for conducting structured security certification and accreditation activities utilizing the Risk Management Framework and in compliance with the Federal Information Security Management Act (FISMA) requirements.
Responsibilities include but not limited to:1. Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation. Review existing SA&A documentation, Security Assessment Report and security infrastructure (i.e. IDS, firewalls, vulnerability scan tools, etc.).
2. Assess NIST 800-53, Rev 4. Controls and document results in DOJ CSAM repository.
3. Conduct assessments of information systems security requirements, evaluate current security posture and recommend priorities for remediation.
4. Perform and document risk assessments, analyzing security vulnerabilities, network security, configuration management and the metrics to measure the risks associated with those vulnerabilities;
5. Review information system infrastructure and application architecture to assess security requirements.
6. Review and conduct NIST-based Self Assessments, identifying any weaknesses, which need to be addressed, and developing a POA&M for each of those weaknesses based on industry best practices.
7. Support the control assessment, reporting and monitoring processes using the Cyber Security and Assessment Management (CSAM) system.
8. Develop and conduct System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs) of the security profiles of Federal Government IT Systems.
9. Develop and coordinate all authorization documentation associated with the DOJ processes including the Systems Categorization, Systems Security Plan, and Systems Risk Assessment.
10. Design and develop comprehensive Systems Security Plan, covering at a high level the infrastructure, policies and procedures which define the systems security profile for the analyzed systems;
11. Develop Systems Security Users Guides specific to selected networks, desktop computers, servers and data base systems;
12. Design, develop, and validate System Test and Evaluation (ST&E) reviews for new and/or legacy systems.
Qualifications
1. 6 - 8+ years of experience as a Security / Network Administrator or equivalent knowledge.
2. BA or BS degree in CS, IT, Engineering, or a related field preferred.
3. US Citizen.
4. Active Public Trust / Top Secret / TS-SCI Clearance.
5. Experience testing and documenting information security controls (NIST SP 800-53v3 or v4).
6. CISSP / CEH Certifications preferred.
Additional Information
All your information will be kept confidential according to EEO guidelines.
Vacancy expired!