- Provide Assessment and Authorization (A&A) and Cybersecurity support, including the NIST Risk Management Framework (RMF), in a Federal Agency or Department of Defense (DoD) environment
- Assess compliance with DoD security technical implementation guides (STIGs)
- Provide guidance and direction on FISMA-related activities IAW NIST 800-37, DHS 4300A, and FedRAMP.
- Review automated vulnerability scans, security test and evaluation (ST&E), vulnerability assessments, and document findings in Plans of Action and Milestones (POA&Ms) to determine the adequacy and effectiveness of remediation efforts.
- Review and process Interconnection Security Agreements (ISAs), policy waivers, Approval to Test (ATT), Interim Approval to Operate (IATO), and Authorization to Operate (ATO) security documents
- Develop and execute Security Assessment Plans (SAPs)
- Interpret and evaluate implementations of NIST 800-53 Rev 4 security controls as satisfied or other than satisfied
- Document security control compliance findings (NIST 800-53 Rev 4) within Requirements Traceability Matrices (RTMs) and Security Assessment Reports (SARs)
- Create and maintain RMF Security Documentation packages using eMASS or DHS IACS/Xacta
- Develop IT architecture deliverables, specific to information security countermeasure implementations, for both operational systems and systems under development
- Develop IT security policies, standards, and guidance.
Desired Candidate Qualifications
A successful candidate will become a subject matter expert (SME) in information technology, technical writing, and project management. Candidates should have strong skills in at least one of these three specialties and some experience, professional or otherwise, working with the remaining two areas.
The following is a list of related traits and skills we are looking for in a Security Controls Assessor candidate. First Info Tech does not expect that candidates will necessarily meet all of the items on this list.
- Basic understanding of information security principles and risk assessment techniques
- Advanced understanding of IT operations techniques
- Experience completing, or managing to completion, projects/tasks/deliverables with minimal supervisory oversight
- 2 or more years of hands-on experience in a Security Control Assessor position, or as a functioning Information System Security Officer (ISSO)
- Strong familiarity with the National Institute of Standards and Technology (NIST) Special Publication 800 series on information security
- Experience developing and promulgating Security Assessment Plans.
- Experience as the author of NIST System Security Plans (SSP), Contingency Plans (CP), Incident Response Plans (IRP), etc., is a plus
- Strong verbal communication and presentation skills; able to interview engineers on technical subject matter as well as brief executive-level stakeholders
- Advanced writing skills: able to clearly articulate ideas for executive-level consumption as well as technical staff consumption
- Advanced problem-solving skills: able to use prior experience and knowledge to address new situations, especially during interactions with clients
- IAT-II certified (CompTIA Security+, GSEC, SSCP, or CCNA-Security)
- Certified Information Systems Security Professional (CISSP) certification is a plus
- Experience with DoD Connection Access Points, and ATO processes in both the NIST and DoD environments is a plus
- Two or more years functioning in an operational IT role with exposure to diverse IT architectures, demonstrating progressive growth of skills and responsibility
- Bachelor's degree, and/or demonstrated proficiency and experience in IT security principles and practices
- Candidates must be United States Citizens
- Minimum Secret level security clearance is required
Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at 844-463-6178.