Job Description
COMPANY OVERVIEW:
TestPros is a successful and growing business, established in 1988 to provide Information Technology (IT) technical support services to a wide range of Commercial and U.S. Federal, State, and Local Government customers. Our capabilities include Program Management, Program Oversight, Process Audit, Intelligence Analysis, Cyber Security, NIST SP 800-171 Assessment and Compliance, Computer Forensics, Software Supply Chain Assurance, Software Testing, Test Automation, Section 508 and WCAG Accessibility Assessment and Remediation, Localization Testing, Independent Verification and Validation (IV&V), Quality Assurance (QA), Compliance, and Research and Development (R&D) services. TestPros is an Equal Opportunity Employer.
JOB SUMMARY:
TestPros is looking for an expert level Cyber Security professional to participate in commercial Cybersecurity Maturity Model Certification (CMMC) consulting/preparation services.
You should be an expert in conducting information technology compliance assessments across various frameworks (e.g., NIST 800-171, 800-53, etc.), including but not limited to:
- NIST SP 800-171, Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations (DFARS 252.204-7012).
- NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations.
- Framework for Improving Critical Infrastructure Cybersecurity - NIST Cybersecurity Framework (CSF).
- Cybersecurity Maturity Model Certification v1.0.
RESPONSIBILITIES AND DUTIES:
You should also be able to deliver on the following expertly and consistently:
- Help our customers to implement and enforce NIST 800-53, NIST 800-171, DFARS, and CMMC requirements.
- Participate in the development, review and de-confliction of customer information system security policy and standards, including writing guidelines, standards, procedures, and other technical documentation (technical roadmaps, project plans, etc.).
- Support the development and maintenance of system asset lists and hardware and software baselines.
- Provide detailed security-related reports including data, analyses, and conclusions upon completion of tests, scans, and assessments, including mitigations and, if indicated, appropriate escalation of identified risks and vulnerabilities.
- Verify and document the implementation of security controls necessary to achieve compliance.
- Keep management apprised of impending areas of concern, verbally and in writing.
- Convey project/task material to individuals, small and large groups.
- Review and develop System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and other necessary artifacts.
- Facilitate the Plan of Action and Milestones (POA&M) program to ensure customer systems have accurately and fully provided information for POA&M activities, including valid remediation of findings.
- Develop various policy documents (SOPs/CONOPs) as required. This may include policies regarding Configuration Management, IS Sanitization, Media Security, Password Policy, Business Continuity, Continuity of Operations, Incident Response, Disaster Recovery, and Security Assessments.
- Develop new information security and risk policies and mature existing ones.
- Initiate and lead ongoing information security maturity assessment processes and training, using industry-accepted frameworks, and incorporate the results into the overall cyber security posture.
- Produce and review key performance indicators for implemented security measures and distribute KPIs.
- Maintain knowledge of the threat landscape by monitoring threat intelligence and other related sources.
QUALIFICATIONS AND SKILLS:
- 5+ years of directly related experience in IT security assessment and compliance
- Cloud computing security
- Security governance and policy
- Security risk analysis
- Auditing and monitoring systems
- Scanning and vulnerability management systems
- Advanced Malware Protection
- Threat Intelligence
- Incident Management - analysis, detection, and handling of security events
- Penetration testing and associated tools (e.g., nmap, Metasploit, etc.)
- Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training, or work experience (preferred)
- Military and/or practical job experience may be considered in lieu of formal education, with significant industry certifications
- Must possess at least one of the following certifications/prior experience:
  - Certified Information Systems Security Professional (CISSP)
  - Certified Chief Information Security Officer (CCISO)
  - Certified Information Security Manager (CISM)
  - Certified Expert RMF Professional (CERP)
  - CMMI Level 2 or 3 Lead Appraiser
  - CMMI Level 2 or 3 Instructor
  - CERT-RMM Lead Appraiser
  - ISO 27001 Lead Auditor
  - DoD 8570 IAM Level III (or certifications necessary to become Level III certified)
  - FedRAMP 3PAO Assessor
  - DIBCAC Assessor
  - GIAC Security Leadership Certification