The Continuous Monitoring (CM)/Security Analyst Lead will provide oversight to a large and complex portfolio of continuous monitoring processes for a federal client.
The primary functions of the job are to: assess implementation of cyber security policies, procedures and implementations, serve as an Information Security Risk Analyst, analyze security implications of system and programs, and to provide written and oral analysis, reports and briefings for Federal management and senior executive personnel. The incumbent performs risk assessments, Security Tests and Evaluations (ST&Es), contingency plan testing, incident response exercises, and other advanced-level CM activities in accordance with NIST Special Publications 800-30, 800-37, 800-60, 800-53 Rev 4, 800-53A Rev 1, FIPS 199 and related OMB and NIST guidance. This position requires a working knowledge of network technologies such as Microsoft® Windows® and Linux operating systems; Microsoft Active Directory®; database security; service oriented architectures; vulnerability testing; networking protocols and topologies; security architectures; and incident management. The position requires 28-30% domestic travel and an ability to work with clients resident in multiple time zones.
General Description of Duties:
1. Lead and participate in Continuous Monitoring (CM) and Site Assistance Visits (SAV).
2. Review and create documentation and reports such as System Security Plans, Risk Assessments, CM and SAV Reports, etc.
3. Provide recommendations related to improving control implementations, plans of action and milestones (POA&Ms), etc.
4. Other duties as assigned.
Education: Bachelor’s degree in Computer Science or a related field and a Master’s degree or equivalent experience. Certified Information Systems Security Professional (CISSP) certification and Certified Authorization Professional (CAP) certification are both highly desirable.
Experience: Minimum of ten (10) years IT/technical experience is required, to include eight (8) or more years of progressive information security experience with Federal Government projects. Additional experience with the most recent FISMA regulations, NIST special publications, FIPS publications, and OMB regulations is required.
Skills: The position requires a demonstrated capacity to analyze, review, and occasionally apply technology solutions which meet the security control requirements specified by the Department, FISMA, OMB, and NIST guidance. Superior technical, writing, and presentation skills are required. Requires excellent organizational skills, attention to detail, excellent customer service skills, working knowledge of Microsoft Office, ability to multitask, and excellent written and verbal communication skills.
Unique Requirements: Candidate will be subject to a security investigation and will need to meet eligibility requirements for access to classified information. Must be clearable to Top Secret (TS)/DOE Q. Prefer active DOE Q Security Clearance. Candidate must be available for domestic travel 28-30% of the time.
US Citizenship is a requirement for this position. Candidate may be subject to a security investigation and may need to meet eligibility requirements for access to classified information. Security clearances are a plus.