Tantus Technologies, Inc. - recognized by the Washington Post as a Top Workplace - is seeking an Information Security Specialist to provide IT systems security support in compliance with NIST standards, covering all information assurance functions across all task areas. You will need thorough knowledge and understanding of the Federal Information Security Management Act (FISMA), including the NIST 800 series Special Publications (SP), FedRAMP, and Federal Information Processing Standards (FIPS) guidelines and regulations. This role will support one of Tantus' Federal clients in their Information Security & Privacy (IS&P) Governance Support area.
*US Citizenship required.*
- Support the Governance program as an advisor to the system/application owner to ensure appropriate implementation of the NIST Security Framework through the lifecycle of the system including but not limited to the pre-security assessment tasks and coordination with System Owners (SO)
- Provide support with data type selection and system categorization according to FIPS 199
- Ensure the vulnerability scans are coordinated and conducted prior to the assessment including submitting scan forms and credentials
- Work with appropriate stakeholders (e.g. Vulnerability Management branch) to review and analyze vulnerability scan results to identify trends
- Coordinate and facilitate pre-assessment meetings with stakeholders
- Review and advise SO with IS&P requirement documents for new systems
- Provide support for reviewing the system to identify and offer advice on elimination of unnecessary IT protocols, functions, ports, and/or services
- Provide policy guidance on IaaS, PaaS, and SaaS implementation to Cloud environments, procurement of Cloud solutions, and assessments of applications residing in Cloud environments
- Provide assistance to SO and system stewards in Security and Privacy assessments
- Review Security Impact Analysis for major changes prior to production
- Provide Security and Privacy guidance to SOs and/or their respective POCs
- Provide support to SO with analyzing Plan of Action and Milestones (POA&M) and remediation solutions and costs. Related solutions may be communicated to the SO/customer via electronic media and/or oral discussions as identified by the requestor
- Create, document, review and edit as appropriate (new and existing) system security documents for completion and accuracy (to include but not limited to SCD, SSP, SIA, PIA, PTA, POA&M, Disaster Recovery Plan/DRP, etc.) to ensure security requirements are included
- Review the Risk Assessment Report (RAR) with SO for completion and accuracy
- Review and assist in obtaining SO information and steward signatures on all assessment packages
- Create and utilize a risk methodology, which includes amicable methods of reducing operating risks for computing systems
- Review and/or input CSAM Analysis for assessments and common control inheritance. Review for applicability and remaining residual risk and provide and/or input CSAM system updates as required
- Provide Weekly/Monthly Labor Distribution Report. The report is to identify time expended on activities/duties for the current week (M-F) and document the major activities each staff member participated in during the week
- Successful completion of a four (4) year degree from an accredited college or university in Engineering/Math/Science
- At least three (3) years of relevant experience planning, managing, and implementing technical IT Security projects/programs under Government contracts
- Demonstrated ability to analyze and synthesize data
- Ability to work independently or as part of a team
- Self-motivated, well-organized, and detail-oriented
- Excellent verbal and written communication skills
- Ability to obtain a Public Trust security clearance