A great client of ours is hiring in the D.C. area for Security Analysts:
Perform independent compliance reviews, tracking, and continuous monitoring of newly submitted C&A packages.
Advise and assist with the Lifecycle Certification and Accreditation (C&A) process and developing a Systems Security Plan (SSP).
Monitor and track projects in the C&A test queue.
Maintain a document repository where C&A project documentation is stored.
Work closely with developers to identify the appropriate certification/approval processes and authorities.
Record/register actions concerning project approvals to operate in the C&A database.
Read and analyze SSPs and translate an understanding of systems and applications into security test plans.
Coordinate C&A actions and system testing with appropriate security personnel.
Develop risk assessment reports.
Assemble and submit C&A packages to Principal Accreditation Authority/Designated Accreditation Authority.
Review IA Compliance Validation Tests and Reports.
Active Secret clearance.
0-3 years of experience in information security, with a concentration on C&A as it applies to the US Government.
At least one security certification (e.g. CISSP, Security+, CAP, CISM).
Knowledge of the federal security authorization (formerly known as Certification and Accreditation or C&A) process to include key activities and milestones required throughout each phase of the security authorization lifecycle.
Experience with the NIST/FISMA regulatory and compliance environment.
Highly motivated fast learner who thrives in a fast-paced environment.
Be able to communicate effectively through written and verbal means to co-workers and senior leadership.
Be able to effectively manage multiple tasks simultaneously, coordinating and ensuring scheduled goals are met.
Be able to work well with collateral engineers, analysts, and managers on related programs.
Possess a B.A. or B.S. degree in related field.
Ability to conduct effective vulnerability assessments of networked and stand-alone information systems to the extent of conclusively validating all technical controls found within NIST SP 800-53R3, as well as other DHS requirements.
Ability to offer security-related guidance on business processes, emerging technology and acquisitions, and vulnerability assessment/mitigation approaches.
Experience or understanding in all phases of preparing and reviewing complete certification and accreditation (C&A) packages for information technology systems and/or applications as defined by the Federal Information Security Management Act of 2002 (FISMA) and implemented by the guidance of the National Institute of Standards and Technology (NIST).
Experience with DHS or DoD requirements.
Documentation, presentation, and technical writing experience.
Demonstrate a broad range of skills in the fields of NIST publications, FISMA requirements and reporting, privacy data identification and handling, security engineering, certification and accreditation (C&A) procedures, security architecture, vulnerability assessments, computer forensics, computer network defense, and policy development.