- Washington, DC
What you'll be doing
- The security analyst will provide subject matter expertise to the government's information security program management office (ISPMO) and information system security officer (ISSO). Responsibilities include reviewing security policies and processes, developing assessment and authorization documentation, verifying the existence of established security controls, interpreting security principles and requirements for technical teams and developing plans to address gaps in the security posture. Developing security recommendations following NIST guidance and industry best practices. Tailoring NIST 800-53 security controls to the government environment. Developing security requirement traceability documentation. Supporting the development of security solutions. Monitoring the integration of any solutions into the government environment. Formulating, creating and tracking security plan of action and milestones (POA&M). Developing security control implementation statements for general support system.
What your background should be
- 4+ years of related experience. Experience serving as or supporting, an information system security officer (ISSO). Demonstrated experience with information security engineering practices and experience with implementation of NIST SP 800-53 security controls. Broad understanding of security protections typical in enterprise environments, including: application protection techniques such as application hardening, web application firewalls and input filtering, system security practices such as operating system hardening and defining and isolation across security zones and network elements covering data in transit, defensible architectures and boundary or endpoint best practices. Experience maintaining security authorization using the cyber security assessment and management (CSAM) tool. Will be required to pass a thorough background investigation, including possibly a credit check and drug screening. Must be a US citizen. Active CompTIA security+ or ISC2 CISSP certification.
Required Schooling / Training
- Bachelor's degree or equivalent.
Who is the client company
- Concern about information technology and services.
- If you are interested in this position, send your resume to email@example.com