Location: Washington DC (onsite four days a week with one telework day)
Shall work eight (8) hours a day anytime between 6:00 AM and 6:00 PM ET, Monday through Friday
About Swingtech Consulting, Inc.
Swingtech Consulting, Inc. provides technology and management consulting services for federal, state, and local governments. Our team is composed of skilled, certified consultants who help clients achieve success with effective, creative, and rapidly executed solutions. We are rapidly growing and are always looking for intelligent and motivated people to join our team.
Swingtech is currently looking to fill a Security Assessor role in the Washington DC area. This position is currently remote, but the right candidate must be flexible and willing to also work in office.
Primary Responsibilities:
Support the development and review of architectural specifications and documents for IT security;
Support the review of IT security program plans, Agency security directives, policies and procedures, and IT security templates including Information Technology Policy;
IT Security Program Evaluation Reports. Support the evaluation of the effectiveness of the implementation of agency IT security policies and procedures using a Capability Maturity Model (CMM) based framework;
The Vendor shall assist in security assessment activities at all phases of the SDLC. This includes conducting market research that supports the agency’s technical evaluation of software, hardware devices, applications or services.
For new agency information systems, and in the case of major modifications to certified systems, the Vendor shall be the independent security assessor as defined in NIST and OMB guidance.
For each information system, at a minimum, the Vendor shall plan and conduct a security assessment in compliance with NIST SP 800-37 “Guide to Applying the Risk Management Framework to Federal Information Systems” and NIST SP 800-53A “Guide for Assessing the Security Controls in Federal Information Systems and Organizations: Building Effective Security Assessment Plans”, deliver a security assessment report and assist with recommendations to correct weaknesses and deficiencies identified in the Plan of Action and Milestones (POA&M).
The SA shall conduct ongoing security control assessments; monitoring and evaluation of configuration settings; status reporting on the implementation of remediation plans in the system POA&Ms; and an annual assessment of security controls selected on the basis of a risk analysis of the operating environment and the current threat(s).
Support reviews of the agency’s record management practices
Vulnerability Scanning. Conduct monthly and ad-hoc vulnerability scans of systems.
Employ agency-supplied automated tools to gather data needed to conduct real-time assessments and analysis of detected security events
Develop templates as needed
Develop and maintain a comprehensive project plan (roadmap) that at a minimum identifies the tasks to be accomplished in the course of completing the requirements, defines project staff roles/responsibilities, and provides a detailed timeline for completion of tasks. The project plan shall include at a minimum the following:
**Knowledge Skills & Abilities:**
Industry Certification(s):
Summary of Benefits
Equal Opportunity Employer Minority/Female/Veterans/Disabled