In this position, you are a Senior Information Security Professional responsible for providing security-related support services to a portfolio of existing operational systems of varying sizes and complexity. Your primary responsibility is to help ensure the program office, system owners and engineering staff are responsive to the agency’s security-related inquiries, comply with policies and security controls, and maintain security authorization artifacts. You will act as a liaison to communicate and provide timely/accurate responses to federal and agency security-related data calls (e.g., FISMA reporting, assets with known vulnerabilities) to include interpreting changes to policies, standards, and procedures. In addition, you will provide expertise and guidance to implement applicable security controls throughout the system development lifecycle. You will work in a customer-facing role in a dynamic team environment with multiple touchpoints interfacing with many stakeholders.
Essential General Functions:
- Work closely with the program management office, system owners and engineering staff to provide guidance on whether security policies, standards and procedures are properly implemented
- Analyze new or updated security policies and data calls, collaborate with stakeholders, and develop responses that are clear and accurate
- Collaborate with ISSOs and system owners to maintain and update system security documentation related to ATO and annual assessment.
- Support the review/update of security authorization artifacts such as System Characterization Documents, System Security Plans, System Contingency Plans, Privacy Threshold Analysis, and others as needed
- Interpret security risk assessments, review security scan results, assess security vulnerabilities and support the development/tracking of Plan of Action and Milestones (POA&Ms) mitigation and/or risk acceptance
- Support the development and modification of implementation and design documents describing how security features are implemented
- Work with engineering personnel to document remediation actions for system vulnerabilities and non-compliance
- Analyze and interpret agency security requirements to communicate to non-security savvy personnel
- Collaborate with the system maintainer to support continuous monitoring efforts
- Provide Splunk Administration Support to include working with existing Splunk applications and add-ons to fulfill customer needs, defining auditable events, creating/updating dashboards, reviewing suspicious activities, editing configuration files/apps and continuously reviewing logs
Qualifications:
- 5 years of relevant experience with bachelor’s degree in relevant field or 3 years of relevant experience with master’s degree in relevant field
- Must hold one of the following certifications: CISSP or CASP+
- Familiarity with tools such as Splunk, Tenable's Nessus and/or Security Center, Network Mapper (NMAP), AppDetectivePro, HP WebInspect, or similar applications
- Experience working with Azure/AWS cloud computing services, databases, networks, hardware, firewalls, cross-domain solutions, and encryption in a cyber-security role
- Thorough knowledge of NIST 800 Special Publications, Federal Information Processing Standards (FIPS) and other significant federal regulations
- Strong background and extensive experience with Risk Management Framework (RMF)
- Must be familiar with and have previous experience with the security authorization process including the review of system security documentation, i.e., system boundary definition, systems security plan, configuration management plan, contingency plan, and security agreements (e.g., MOUs, ISAs), etc
- Experience evaluating systems, assessing system risks and security findings, and recommending mitigation and remediation actions
- Knowledge of electronics theory, IT, telecommunications, and supervisory control systems including cryptography, vulnerability assessment, and exploitation techniques
- Knowledge and experience with requirements risk management, security engineering, and security architecture
- Excellent interpersonal skills, including the ability to work on multi-functional teams
Desired Qualifications:
- Experience using NIST SP 800-60 Guide for Mapping IT Systems
- Experience using NIST SP 800-160 Systems Security Engineering
- Experience using NIST SP 800-53 Security and Privacy Controls for Information Systems and Organizations
- Experience using NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- Certified Information Systems Auditor (CISA) Certification
- Proficiency using CSAM (Cyber Security Assessment Management) tool
- Vendor-specific cloud certifications (AWS, Azure, GCP)
Clearance:
- Must be a U.S. Citizen and pass a background investigation for Public Trust
- Must be willing to undergo a background investigation
Work Location:
- Prefer local to Northern Virginia but remote work is acceptable
Competitive Benefits:
- Medical, Dental & Vision coverage
- Life Insurance
- Short- and Long-Term Disability Insurance
- PTO & Federal Holidays Off
- 401(k) Plan
- Access to state-of-the-art gymnasium (at TechTrend HQ)
- Premium coffee bar (at TechTrend HQ)
About TechTrend
TechTrend, Inc. is a veteran-friendly small business providing expert solutions, products, and services to the federal government. Founded in 2003, we continue to evolve with capabilities in cybersecurity, DevSecOps, cloud managed services, cloud migration, and application development. We are a Microsoft Gold Partner and leading provider of Azure cloud services. TechTrend is recognized as a trusted partner delivering knowledge and guidance for our clients’ most critical and complex support and service needs. As a liaison for positive organizational change, we form relationships and build bridges while ensuring quality across functions, gaining buy-in from both leaders and end-users and removing barriers to mission success. Our established processes ensure quality delivery of results by maximizing efficiency, productivity, and client satisfaction enterprise-wide. TechTrend is a fast-growing company with a dynamic, inclusive corporate culture headquartered in a state-of-the-art facility near the well-known Fairfax Mosaic District.