We have an immediate need for a Sr. Security Specialist for a long-term Federal contract in Alexandria, VA. This is a full-time position with a competitive salary and excellent benefits.
The successful candidate will be responsible for providing direct information system security and information assurance support to Federal information system owners, system Technical Leads and Information System Security Officers (ISSO). The Senior Security Specialist will support the Federal customer throughout the entire Security Assessment and Authorization (SA&A) program, previously known as Certification and Accreditation (C&A), as well as provide direct support to the Federal customer’s Continuous Monitoring program. Such activities will include conducting interviews, documentation reviews and other data gathering activities, security controls analysis, security planning, policy and procedures development, security controls assessment, risk analysis, and the development of recommended risk mitigation solutions. The candidate will also track and coordinate mitigation activities with system owners and IT support staff, in order to reduce risk to the systems by managing and facilitating the risk mitigation activities. Such effort may also include managing and editing the documented status of mitigation plans of action and milestones in tools such as the Cyber Security Assessment and Management (CSAM) and RSA-Archer.
In addition, the Senior Security Specialist supports system owners and ISSOs by providing information security consulting services throughout the life cycle of selected information systems. This may include security requirements analysis and development, evaluation of potential risk created by proposed system changes, assisting in the design and documentation of the security architecture of new systems, development of security-specific policies and procedures, and other security-related, system support activities.
Such activities include the development and updating of security authorization documentation, including, but not limited to, the following:
· System Security Plans
· Risk Assessments
· Contingency Plans, Procedures and Test Results
· Security Assessment Plans and Reports
· Configuration Management Plans
· Interconnection Security Agreements and Memoranda of Understanding
· Privacy Threshold Analysis and Privacy Impact Assessments
In order to meet these responsibilities, the successful candidate will have a complete understanding of the Risk Management Framework, FISMA, Federal Information Processing Standard (FIPS) 199 and NIST Special Publications 800-37 and 800-53.
Required Skills and Experience:
· 8+ years of experience with security policies, system(s) functions, technical security safeguards and operational security measures.
· Secret Clearance (or above)
· Able to communicate in English and have excellent oral and written communication skills.
· Ability to complete projects within the specified timeframe.
· Solid understanding of Windows and Linux/Unix-based Operating Systems, networking (TCP/IP, Ports, Active Directory, DNS, and DHCP), Switch / Router configuration, and Security.
· In-depth knowledge and understanding of NIST 800 series standards and guidelines, related Federal Laws, policies, memoranda and current best practices for Information Assurance and System Security.