Information Assurance / Security Specialist ‐ Senior Level
- Job Category: Information Technology
- Travel: No
- Clearance: SECRET
- Shift: Day Job
- Req ID: AGT00190
Akima Global Technology is seeking a Senior Level Information Assurance / Security Specialist to identify cybersecurity deficiencies in information systems by performing technical assessments of assigned systems and applications to determine the severity of weaknesses. This position will support the Security Authorization (SA) and Continuous Monitoring (CM) along with the Risk Management Framework (RMF) process. Results of the assessments will be documented in the compliance tool (e.g., IACS, CSAM, etc.), utilizing a standard report format with the results and findings from the assessment, along with recommended mitigations. Results will also be entered into the compliance tool.
Create, manage, and utilize Assessment Standard Operating Procedures and Testing Templates and ensure that assessments are conducted accurately, efficiently, and consistently.
Create, manage, and utilize Assessment Guides and Training Material documents that assist system stakeholders in preparing for upcoming assessments.
Create, manage, and utilize Check-Point Reviews to determine the readiness of the system for assessments. Includes the status of POA&Ms for the system, review of control implementations for applicability and the state of the Body of Evidence (BOE) materials to support the assessment.
Manage Assessment Entrance Conference Briefing, creating agenda and meeting minutes for the system stakeholders on what to expect during the upcoming assessments.
Draft Security Assessment Report (SAR) for review by the stakeholders to prepare for the Exit Conference.
Manage Assessment Exit Conference Briefing, creating agenda and meeting minutes for the system stakeholders on the results of the Exit conference to determine the final SAR.
Create Final Security Assessment Report for review by the stakeholders to prepare for the Exit Conference.
Develop and maintain an overall Security Assessment Schedule that forecasts system assignments for contractor and stakeholder staff over the period of performance.
Develop testing artifacts for each system to include, as appropriate, the technical assessment plan, the Rules of Engagement (ROE), the Security Requirements Traceability Matrix (SRTM), the Security Assessment Report, and any other necessary documentation.
Update and maintain all testing templates and Standard Operating Procedures (SOP) as needed, or on an annual basis per guidelines, to include the utilization of the compliance tool.
Create Assessment Guides to assist ISSOs, ISSMs, System Owners and other stakeholders to prepare for upcoming assessments.
Conduct and/or review vulnerability scans, review device configurations, and review system architecture.
Provide advisement and recommendations to the Government for assessment and security best practices including tools that are used for assessment activities.
8 years’ experience in an Information Assurance or Information Security position.
4 years of NIST Security Control Assessor (SCA) experience.
Security+, CISSP, CISM, CRISC, or CSSP certification.
Active Secret security clearance.
Bachelor’s Degree (preferably in Computer Science or related field).
Experience leading assessment teams from planning through execution and finalization of an assessment.
Capable of performing in a fast-paced environment.
Strong verbal and written communication skills.
Mastery of control assessment requirements based on the NIST 800-53A.
Technical expertise in assessing environments such as but not limited to Applications, Operating Systems, Databases, Appliances, Cloud Environments, and Physical environments to validate a full deployment of a defense-in-depth strategy.
In-depth understanding of how to read Nessus scan reports and identify security vulnerabilities, configuration settings, and security compliance.
Proficient technical writing skills developing control findings, detailed assessment reports, technical requests for the system engineers, and other security assessment documentation.
Extensive experience conducting assessment interviews of system engineers, administrators, and other support personnel including demonstrations to accurately validate system configurations.
Knowledge of Security Control testing and validation in both technical and policy areas.