Security Assessment Specialist Job

SECURITY ASSESSMENT SPECIALIST needed for a contract to hire opportunity with Yoh's client located in Alexandria, Virginia.

THE BIG PICTURE - TOP SKILLS YOU SHOULD POSSESS:

- Security Assessment
- Security Test and Evaluation
- Security + Certification

WHAT YOU'LL BE DOING:

- Jr - Mid level IT Security Analyst to perform security assessments for various General Support Systems (GSS) and Major Applications (MA).
- The candidate will be performing security assessments by examining various system documents, interviewing key personnel and conducting technical testing using NIST, OMB and Department/Agency guidance.
- The candidate will work with various teams to include Information System Security Officers (ISSO), Systems Owners (SO), and security scanning specialists to ensure quality assessments while improving the overall security of applications.
- The candidate will help build and maintain an assessment schedule including creation of Security Test and Assessment Plan (ST&A), Security Risk Traceability Matrix (SRTM) and Security Assessment Report (SAR).
- The candidate has to have the ability to successfully provide remediation recommendations for unimplemented security controls.

WHAT YOU NEED TO BRING TO THE TABLE:

- Working knowledge of FISMA, NIST 800-53 R4 Security Controls, NIST 800-53A Rev 1, NIST 800-37 R1 Processes, FIPS 199 Categorization, and various NIST 800 series publications
- General knowledge of how to secure various technologies including applications, platforms, operating systems, databases, and more
- Knowledge of CSAM or other A&A automated tool

CRITICAL SKILLS:

- At least one to four (1 - 4) years' experience of system(s) functions, security policies, implement and assess technical security safeguards, and operational security measures is required.
- One to three (1 - 3) years of experience in Security Test and Evaluation (ST&E)
- One to three (1 - 3) years of experience in systems security evaluation
- Experience creating Security Test and Assessment Plan (ST&A) and Security Assessment Report (SAR) documents for the Security Authorization Package
- Experience performing activities required for the Assessment phase of NIST 800-37 Revision 1 Risk Management Framework, using 800-53A Rev1
- Familiarity conducting security assessments utilizing Security Risk Traceability Matrix (SRTM)
- Experience implementing and documenting NIST 800-53 Revision 3 or 4 Security Controls to secure systems
- Experience performing System Categorization utilizing NIST FIPS 199 processes
- Experience performing continuous monitoring including Security Impact Analysis for SDLC system changes
- Experience using the Cyber Security Assessment and Management (CSAM) Tool to search for system documentation
- Experience identifying weaknesses/vulnerabilities, supporting System Owners/Technical Leads to develop a mitigation plan, and drafting/managing POA&Ms
- Experience reviewing/analysing system, database, and application vulnerability scan reports to identify remediation actions and advise System Owners/Technical Leads on implementation
- Experience executing vulnerability scans (Nessus, NGS SQuirreL, Web Inspect)
- Excellent oral and written communication skills
- Prior experience performing Technical and Quality reviews
- Prior experience performing Technical and Non-Technical testing for systems
- Excellent analytical reasoning skills

EDUCATION/PROFESSIONAL AFFILIATIONS:

- Bachelor's Degree in Information Assurance, Computer Science, Engineering, or Systems-related discipline
- Security + (Required)

BONUS POINTS! OTHERWISE KNOWN AS PREFERRED QUALIFICATIONS:

- CISSP, CEH and CAP

WHAT ARE YOU WAITING FOR? APPLY NOW!

Yoh, a DayJ2W: INFOTECH

Tax Term: CON_W2J2WYOHFED

Ref:

YFS/Aviation: IT & Telecom