Responsibilities

• Provide Information Assurance support to Government client. Support the development of security documentation including System Security Plans (SSP) and Security Controls in accordance with NIST publications and the Risk Management Framework leading to system Authorization to Operate (ATO).
• Work with system owners to address POA&M and continual system security evaluation processes and finding.
• Interface with internal and external agency security personnel to establish and maintain Interagency Security Agreements (ISAs).
• Track system interconnection security documentation in support of the System Owner. There are roughly 175+ interconnections requiring memorandum of agreement (MOU) and interconnection security agreement (ISA) documentation. Responsible for ensuring all interconnections are covered by appropriate and up-to-date ISA documentation by initiating and developing ISAs for all new connections or connections requiring ISA renewals.
• Will work closely with the internal Federal Customers and External Agency ISA Coordinators to assist with the coordination and approval of ISA documentation.
• Provide technical expertise to the design, development of Case Processing applications that will implement required information security policies and procedures.
• Devise and conduct risk assessment programs to identify areas of potential vulnerability for all applications within this agencys application suite.
• Interpret and evaluate proposed legislation and broad-based policies concerning information technology.
• Assesses potential impact on existing program requirements working with Case Processing System Analysts.
• Evaluate the feasibility of implementing new developments to enhance systems security and reliability and Analyze findings and develop long-range plans to minimize risks, mitigate vulnerabilities, prevent security incidents, and insure systems reliability across supported systems.
• Develops, recommends, and implements approved security contingency plans, incident response plans, and disaster recovery procedures for the Case Processing applications.
• Coordinates with network security and application teams in determining Intrusion Detection Systems/Intrusion Protection Systems (IDS/IPS), Firewall, Security Proxy, Email Security, and Vulnerability Scanning Solutions that will be used with Case Processing.
• Work with Information Security Specialists, Network Support personnel, System Administration personnel and others to access system security posture and remediate vulnerabilities

Qualifications:

Bachelor's with 8+ years (or commensurate experience)

Required Skills and Experience:

• Must have 5+ years of experience with Risk Management Framework (RMF)

• Must have expert proficiency with assessing, documenting and remediating cyber security vulnerabilities
• Must be able to lead efforts to remediate system vulnerabilities and close identified Plan of Action and Milestones (POA&Ms)
• Must be able to lead efforts to Update security documentation for NBIB IT PMO systems needed to obtain and maintain Authority to Operate (ATO)
• Must be able to lead efforts to work with project teams to collect evidence and remediate findings
• Must be able to lead efforts to work with Information Security Specialists to access system security posture and remediate vulnerabilities

Clearance Required: US Citizenship is required to obtain and maintain Top Secret Clearance with SCI

Preferred Skills and Experience:

• Certified Information Systems Security Professional (CISSP)