Develop and prepare all pertinent documentation and examine the system/network configurations, boundaries, connectivity, and overall C&A effort. Develop and adhere to project schedule and/or perform key C&A activities including, but not limited to:
Prepare/develop System Security Plan (SSP)
Determine FIPS 199 Information Types/Security Categorization
Perform Privacy Impact Assessment (PIA)
Perform E-Authentication Assessment
Conduct NIST SP 800-26, System Self-Assessment
Prepare/develop IT System Contingency Plan
Prepare/develop IT System Contingency Plan Test Results
Prepare/develop Security Test and Evaluation (ST&E) Plan
Conduct Security Assessment (SRA)
Prepare Plan of Action and Milestones (POA&M)
Prepare Accreditation Decision Letter
As needed, provide program management, control, and reporting functions necessary to manage and direct the accomplishment of the efforts required for certification and accreditation management, document inventory, and external information security reporting. Provide additional recommendations on processes, procedures, and tools that can be implemented to enhance the compliance with independent review objectives established for the systems.
Senior C&A Analyst
Expert knowledge of the following C&A guidelines:
National Institute of Standards and Technology (NIST) Special Publications (SP) 800-18, 800-30, 800-34, 800-37, 800-53, 800-60
Federal Information Processing Standards (FIPS) 199, 200
Federal Information Security Management Act (FISMA)
OMB Circular A-130, Appendix III
Required Industry Experience:
Seven or more years of experience in computer science, management information systems, or data security
Experience in documenting IT systems implementing diverse technologies such as operating systems (Windows, Linux, UNIX, and Mac OS X), various software applications, web applications, and network equipment.
Experience performing all phases of C&A as documented within NIST SP 800-37.
Experience working with numerous IT technologies such as servers, workstations, IDS, firewalls, network components, and other technologies is a plus.
Experience working with information security practices, networks, software, and hardware
Experience working with computer programming
Experience working with computer desktop packages such as Microsoft Word, Excel, etc.
Experience working with security architecture
Education
Master of Science (M.S.) degree in an IT-related field is preferred but not required.
Security Certification
CISSP certification preferred.
CAP required.
Other relevant Security Certifications.
GIAC Security Essentials Certification (GSEC)
Security+
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Skills
Strong analytical and problem-solving skills for resolving security issues
Good organizational skills to balance work and lead projects
Basic leadership skills to effectively mentor and lead junior level personnel
Good interpersonal skills to interact with customers and team members
Strong communication skills to interact with team members and support personnel
Strong skills implementing and configuring networks and network components
Ability to work with relational databases
Ability to work in a team environment
Background Investigation
Must successfully obtain authorization to work on Government systems through Entry on Duty Investigation
To apply, please submit resume to Jobs@jdbiggs.com