Job Description :
Information Security Analyst
Active Top Secret clearance, adjudicated within past 5 years.
Subject Matter Expert Level
Location: Washington, DC 20004, USA

Information Systems Security Specialist Provides technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation.
Responsible for designing and implementing solutions for protecting the confidentiality, integrity and availability of sensitive information.
Provides technical evaluations of customer systems and assists with making security improvements. Participates in design of information system contingency plans that maintain appropriate levels of protection and meet time requirements for minimizing operations impact to customer organization. Conducts security product evaluations, and recommends products, technologies and upgrades to improve the customer=s security posture. Conducts testing and audit log reviews to evaluate the effectiveness of current security measures.

Acts as a recognized technical expert in base labor category description.Functions as the highest-level individual contributor in at least one technical area.Utilizes expertise in business management practices, industry requirements and information technology disciplines to develop technical and/or business solutions to client problems. Has a high level of diverse technical and industry experience related to a specific skill set. Typically has specialization in a particular technology or business application. Keeps abreast of technological developments and industry trends.Requires a minimum of twelve (12) years of specific experience. Additional education, training, and/or certifications, plus an advanced degree or significant equivalent experience is also required

Roles and Responsibilities:

Develop and coordinate all authorization documentation associated with the DOJ processes including the Systems Categorization, Systems Security Plan, and Systems risk assessment
Act on the behalf of the Information System Security Officer (ISSO) to the supported component
Support the control assessment, reporting and monitoring processes using the Cyber Security and Assessment Management (CSAM) system. Assess NIST 800-53, Rev 4. Controls and document results in DOJ CSAM repository.
Assist the component with staying on track with Core Controls and A-123 control assessment schedules
Support and document security controls tests, assist in remediation and ensure that POA&Ms are being appropriately managed.
Facilitate preparations for the tri-annual Security Assessment and Authorization (SA&A) component''s Information System.
Conduct assessments of information systems security requirements, evaluate current security posture and recommend priorities for remediation.
Design and develop comprehensive Systems Security Plan, covering at a high level the infrastructure, policies and procedures which define the systems security profile for the analyzed systems; initial Privacy Assessment (IPA) and Privacy Impact Assessments (PIAs) for each major Federal Government IT Systems.
Review and conduct NIST-based Self Assessments, identifying any weaknesses which need to be addressed, and developing a POA&M for each of those weaknesses based on industry best practices.
Develop and conduct System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs); and OMB A-123 security assessments of Federal Government IT Systems.

Basic Qualifications:

To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below.
Bachelor''s Degree and 10 years of experience. An additional 4 years of experience may be substituted in lieu of degree.
10 years’ experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful certification and accreditation or security authorization of such systems.
10 years’ experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
10 years IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security C&A (or SA&A) and ATO on a range of systems including classified systems
Strong working knowledge with NIST Special Publications and the NIST SP 800-37 SA using CSAM system
Active Top Secret clearance, adjudicated within past 5 years.

Preferred Qualifications:

Candidates with these desired skills will be given preferential consideration: Candidates with these desired skills will be given preferential consideration:
12 Years’ experience and a Bachelor’s in Science in Information Technology or Cyber Security
Certified Information Systems Security Professional (CISSP) - maintained and current
Certified Information Security Manager (CISM) - maintained and current
Experience conducting FISCAM-based security audits of Federal Government IT Systems.
Experience with DISA STIG configuration requirements
Certified Information Systems Auditor (CISA) certification - maintained and current.
Certified Authorization Professional (CAP) - maintained and current
Experience with Department of Justice information systems.
Experience with the use of the DOJ CSAM application.
Security Tool experience (e.g. Splunk, FoundStone, Nessus/Tenable, DBProtect, AppDetective, Tivoli/BigFix, Sharepoint, Guardium, WebInspect
             

Similar Jobs you may be interested in ..