Information System Security Analyst duties include:
Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation
Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications
Analyze vulnerability scan results for validation and root cause
Technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation.
Responsible for the design and implementation of security solutions to protect the confidentiality, integrity, and availability of sensitive information.
Provide technical evaluations of customer CM and CMI solutions and provide security recommendations.
Participate in the design of information system business impact analysis, system categorization, contingency plans, privacy documents, and other system security documentation to maintain appropriate levels of protection and meet requirements for minimizing operational impact to the enterprise.
Conduct testing and audit log reviews to evaluate the effectiveness of current security measures.
IT Security Control Assessor needs to possess the following skills:
5+ years of experience conducting security control assessment of all NIST 800-53 controls
Knowledge of NIST 800-53 security controls and required documentation.
Conducted security control assessments based on a Risk Management Framework approach.
Familiarity with Cyber Security Assessment Methodology (CSAM) tool a plus
Qualifications
US Citizen
Certification(s) in information technology (i.e. Security+,)
BS degree in a computer or system science discipline from an accredited college or university.
Working experience in Federal Government Contracts is a must.
Active Public Trust Clearance (adjudicated within past 5 years) is a must.
Additional Information
All your information will be kept confidential according to EEO guidelines.