Centennial Technologies is hiring a Security SME to work with a skilled and motivated team of professionals on a high-visibility FDA program. You will support a dynamic, fast-paced project focused on improving the cyber security posture of civilian government agencies through the implementation and enhancement of a cybersecurity platform, providing integration services, and developing, securing and maintaining cybersecurity dashboards. You will work closely with a variety of agency stakeholders, supporting their mission, priorities, organization and unique challenges.
The position puts emphasis on integrating security within configuration management (CM) in ServiceNow and possibly different system development lifecycle (SDLC) processes. It also provides guidance, processes, and procedures for achieving and maintaining compliance with Federal laws and regulations. The candidate is expected to work with minimal supervision, lead teams, accept greater responsibility for completion of assignments, commensurate with level of experience. This position is in our Leesburg, VA office; however, a hybrid working model is acceptable. You will be required to be in our Leesburg, VA office two days per week. Responsibilities:
- Specific duties include the operation of a continuous monitoring program, developing, updating, and maintaining system security documentation, and implementing security policies and procedures to support continuous monitoring
- Participate in the SDLC to integrate NIST Risk Management Framework (RMF) activities into appropriate phases as required
- Support the NIST 800-37 RMF and associated processes for achieving and maintaining systems’ authority to operate (ATO)
- Assist in implementing policy and processes into continuous monitoring to maintain the system ATO
- Conduct vulnerability scans, update and manage plan of action and milestones (POAM)
- Coordinate security remediation activities, schedules and milestones with stakeholders, establish risk and mitigation strategies, and communicate status
- Update and maintain systems security documentation. Create a comprehensive Project Vision and Plan leveraging the NowCreate ServiceNow(desired) methodology, outlining timelines, resources, and milestones
- Utilize the NowCreate methodology to guide the implementation and configuration of the ServiceNow SecOps solutions
- Conduct risk and vulnerability assessments on changes to the system architecture
- Assist in developing and implement a turn-key FDA CMDB solution that support the cybersecurity capabilities of Continuous Monitoring and Ongoing Authorization
Assist in integrating the cybersecurity capabilities into the FDA Configuration Management Database (CMDB) including Splunk, Crowd strike, RSA Archer and or Tenable
- Participate in change authorization boards (CAB) and provide analysis and recommendations based on the change affecting the security posture of the system Required qualifications to be successful in this role:
- US citizenship is required. In addition, candidates must have the ability to obtain and maintain a Public Trust clearance
- Bachelor’s degree
- Minimum of 10 years of experience working on cybersecurity teams for enterprise cybersecurity shared services programs or Cloud programs
- Continuous monitoring experience with moderate and high impact systems
- Working knowledge of these National Institute of Standards and Technology (NIST) Special Publications 800 series (listed in priority): 800-37 (Risk Management Framework), 800-53 (Security & Privacy Controls), 800-18 (System Security Plans), 800-30 (Risk Assessment), 800-137 (Continuous Monitoring), Federal Processing Standards (FIPS), especially 199 (Security Categorization)
- Prior experience with using tenable and crowd strike scanning tools to detect vulnerabilities
- Knowledge of vulnerability remediation processes related to security scan findings
- Familiarity with Splunk and ServiceNow platforms is desired. Prior knowledge of Tenable, CrowdStrike, DBProtect,
- Familiarity with web inspect public facing URL scanning for vulnerabilities Experience with vulnerability management and security auditing tools, such as Tenable or similar tools. Update and maintenance of plan of action and milestones (POAM)
- In addition, the candidate demonstrates understanding of IT security principles, concepts, policy and regulations. Demonstrate ability to effectively document security controls
- Proficient with Microsoft Word, Excel and Microsoft Project
Desired qualifications/non-essential skills required:
- Technical/development background
- Experience with Federal Risk and Authorization Management (FedRAMP) Cloud related projects
- Experience with Dev\Sec\Ops as an ISSO or security tester
- Certified Information Systems Security Professional (CISSP)
- CISSP concentration
- Certification and Accreditation Professional (CAP)
- Certified Cloud Security Professional (CCSP)
- Certified Risk and Information Systems Controller (CRISC)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- Global Information Assurance Certification (GIAC) and GIAC Security Essentials
- Certified Project Management Professional (PMP)
About The Company
Centennial Technologies Inc. (Centennial) is committed to a healthy work-life balance for our employees, and we have worked hard to foster an environment that enables employees to effectively prioritize both their professional and personal responsibilities. We try to accommodate employees by providing flexible paid time off, a casual work atmosphere, frequent collaborative interaction, and the opportunity to continuously develop career skills.
Centennial offers a competitive benefits package, which includes Medical, Dental, Short-Term Disability, Long-Term Disability, Life Insurance, 401k, Mass Transit Benefits, Paid Time Off, and Federal Holidays.
Our Culture is inclusive of:
A supportive professional environment which promotes a healthy work-life balance
Performance Management techniques that reward our top performers
Employee surveys and discussions to inform Management’s decisions
Paid training on the latest technologies and business practices
An employee-focused model
Our team’s shared vision of client success through cultivating long-term client relationships
Equal Opportunity Employer
Centennial is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, sex, citizenship, national origin, ancestry sexual oriented, gender identity, age, religion, creed, physical or mental disability, marital status, veteran status, political affiliation, or any other characteristic protected by federal, state or local laws.
Powered by JazzHR
XaRWZELu4z