Job Description
LOCATION: Washington DC
JOB TITLE: Information Assurance Specialist
EDUCATION/EXPERIENCE:
INDUSTRY CERTIFICATION(S):
• At least one (1) of the following: CISSP, GIAC, CEH, TNCP, Security+, Network+ etc.
FUNCTION:
Support the development and review of architectural specifications and documents for IT security;
Support the review of IT security program plans, agency's IT security directives, policies and procedures, and agency's IT security templates including agency's Information Technology Policy;
Develop and maintain a comprehensive project plan (roadmap) that at a minimum identifies the tasks to be accomplished in the course of completing the requirements, defines project staff roles/responsibilities, and provides a detailed timeline for completion of tasks. The project plan shall include at a minimum the following:
• Milestones and dates for completion of each deliverable per system
• Gantt chart for the project plan showing milestones and dates for completion of each deliverable per system
• Resources assigned to each system on the project plan
IT Security Program Evaluation Reports. Support the evaluation of the effectiveness of the implementation of agency IT security policies and procedures using a Capability Maturity Model (CMM) based framework;
The Candidate shall assist in security assessment activities at all phases of the SDLC. This includes conducting market research that supports the agency's technical evaluation of software, hardware devices, applications or services.
For new agency information systems, and in the case of major modifications to certified systems, the Candidate shall be the independent security assessor as defined in NIST and OMB guidance.
For each information system, at a minimum, the Candidate shall plan and conduct a security assessment in compliance with NIST SP 800-37 “Guide to Applying the Risk Management Framework to Federal Information Systems” and NIST SP 800-53A “Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans”, deliver a security assessment report and assist with recommendations to correct weaknesses and deficiencies identified in the Plan of Action and Milestones (POA&M).
The Candidate shall conduct ongoing security control assessments; monitoring and evaluation of configuration settings; status reporting on the implementation of remediation plans in the system POA and an annual assessment of security controls selected on the basis of a risk analysis of the operating environment and the current threat(s).
Ongoing Authorization of FISMA-reportable systems includes the following:
Support reviews of the Agency's record management practices
Vulnerability Scanning. Conduct monthly and ad-hoc vulnerability scans of systems.
Employ agency supplied automated tools to gather data needed to conduct real-time assessments and analysis of detected security events
Develop templates as needed