Sterling, VA (remote until restrictions lifted)
Work Authorization: Able to obtain government Public Trust clearance
This position plans, implements, upgrades, or monitors security measures for the protection of computer networks and information for Federal clients. Ensures appropriate security controls are in place to safeguard digital files and vital electronic infrastructure. Responds to computer security breaches and viruses.
Specific duties include:
- Responsible for applying FISMA framework and NIST requirements to the architecture, design, development, evaluation and integration of systems and networks to maintain system security
- Develop and deliver IT Security Plans.
- Provide the most recent Web Application and Operating System vulnerability scan reports.
- Provide POA&M updates in accordance with requirements and the schedule set forth in the GSA CIO IT Security Procedural Guide.
- Review and update the System Security Plan annually.
- Provide an annual update to the contingency plan completed in accordance with NIST 800-34.
- Provide the results of the annual review and validation of system users’ accounts to ensure the continued need for system access.
- Develop and furnish a separation of duties matrix reflecting proper segregation of duties for IT system maintenance, management, and development processes.
- Provide the results of security awareness (AT-2) and role-based information security technical training (AT-3).
- Deliver the results of the annual FISMA self-assessment conducted per GSA IT Security Procedural Guide.
- Provide a well-defined, documented, and up-to-date specification to which the information system is built.
- Establish and document mandatory configuration settings for information technology products.
- Provide an annual update to the Configuration Management Plan for the information system.
- Provide a contingency plan test report completed in accordance with GSA IT Security Procedural Guide.
- Provide an incident response plan test report.
- Provide Interconnection Security Agreements (ISA) and supporting Memoranda of Agreement/Understanding (MOA/U), completed in accordance with NIST 800-47.
- Define and establish Rules of Behavior for information system users.
- Support independent penetration tests.
- Develop and keep current the following policies and procedures:
  - Access Control Policy and Procedures (NIST 800-53 AC-1)
  - Security Awareness and Training Policy and Procedures (NIST 800-53 AT-1)
  - Audit and Accountability Policy and Procedures (NIST 800-53 AU-1)
  - Identification and Authentication Policy and Procedures (NIST 800-53 IA-1)
  - Incident Response Policy and Procedures (NIST 800-53 IR-1; reporting timeframes are documented in GSA IT Security Procedural Guide 01-02, “Incident Response”)
  - System Maintenance Policy and Procedures (NIST 800-53 MA-1)
  - Media Protection Policy and Procedures (NIST 800-53 MP-1)
  - Physical and Environmental Policy and Procedures (NIST 800-53 PE-1)
  - Personnel Security Policy and Procedures (NIST 800-53 PS-1)
  - System and Information Integrity Policy and Procedures (NIST 800-53 SI-1)
  - System and Communication Protection Policy and Procedures (NIST 800-53 SC-1)
  - Key Management Policy (NIST 800-53 SC-12)
- Possesses and applies a comprehensive knowledge across key tasks described above.
- Ability to plan and lead information security assignments.
- Evaluates results and recommends changes affecting project security and success.
- Functions as an information security technical expert across project tasks.
- At least 10 years related work experience.
- Certified as a Certified Information Systems Security Professional (CISSP).
Desired: Experience with Agile Development Methodology