Perform Information Systems audits
Complete System Security Plan (SSP) / Data Security Plan (DSP) cybersecurity risk analysis
Advise Cloud Security Architects and Engineers on results of cybersecurity risk analysis
Execute and support major Program security initiatives
Conduct staff security outreach and engagement
Provide information security decision support
Conduct assessments on vulnerability scanning and patch compliance
Conduct cyber research collaboration and risk mitigation
Provide staff security awareness and training
Support incident response and remediation efforts
Produce security risk and impact assessment reports
Bachelor’s degree in Computer Science, Information Technology, Computer Information Systems, or related field is required.
Information Assurance Certifications preferred (CISSP/CISA, Security+, GSEC, CRISC or equivalent)
A minimum of 3 years prior experience in a highly regulated security environment is preferred.
Advanced academic degrees and/or certifications in Information Assurance or Information Security, or IT certifications, may be considered substitutes for regulated security experience.
Experience in compliance auditing, security reviews, or vulnerability assessments
Technical experience and skills, course work completed toward a degree, and industry IT certifications (e.g., CISSP, CISA) may be considered substitutes for education and experience.
Candidate must possess an in-depth knowledge of information security principles and policies to include the Risk Management Framework (RMF) as presented by the National Institute of Standards and Technology (NIST)
Technical experience and skill securing operating systems such as Linux, Windows Server/client OS, and virtualization technologies.
Experience using vulnerability scanning tools such as NESSUS, SCAP, RETINA, WASP, SECSCN
Experience using audit reduction tools, and endpoint security products
Experience assessing vulnerabilities in Free and Open Source Software (FOSS), Commercial-off-the-Shelf (COTS), Government-off-the-Shelf (GOTS), and custom software
Working experience directly related to certification and authorization using any of the following:
NIST 800-53 / Risk Management Framework (RMF)
AICPA SOC 1 and 2
HITRUST / Common Security Framework (CSF)
Knowledge of System Security Plans (SSPs) and associated artifacts such as the Plan of Action & Milestones (POA&M), Risk Assessment Reports, and Continuous Monitoring Strategies
Demonstrated ability to present ideas in writing and orally is required.