Knowledge Consulting Group (KCG) is one of the largest privately held cybersecurity services firms in the United States, serving as a Federal Government contractor and supporting commercial customers. We operate as a trusted cyber advisor to our customers across the country. We take great pride in maintaining a single focus on being the leader in cybersecurity services, providing risk management, governance, operations, and compliance services, utilizing our CISO framework methodology. We are uniquely positioned as a trusted cyber advisor, with over 90 percent of our cyber professionals holding security clearances and security-specific certifications. With over 12 years of experience in providing cybersecurity services to our customers, we have a strong record of past performance in advising and executing cyber missions for all types of organizations and sectors.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Top Secret clearance is required.
Will serve as the primary certifier, main liaison, and driving force for all Security Authorization (SA) efforts, including ensuring that ISSOs complete the FIPS-199, PTA, e-authentications, CPs, CPTRs, SSPs, and 800-53As, and personally delivering RAs, SAPs, SARs, and ATO Letters. While DHS Data Center engineers conduct the majority of the technical scans on DHS HQ information systems, the contractor shall review thousands of lines of scanning results in order to identify findings and create POA&Ms for the information systems under their responsibility.
The contractor shall be capable of managing between 7 and 10 systems per individual throughout the entire SA lifecycle, including Continuous Monitoring and Ongoing Authorization. Continuous Monitoring includes, but is not limited to, POA&M management, waiver and exception support, and periodic recertification. In addition, the contractor shall serve as the focal point for all SA activities for the ISSO, System Owner, and Program Official.
- Responsible for all phases of SA to ensure compliance and provide guidance on IT Security requirements to assigned stakeholders.
- Assist in developing unified guidelines and procedures for conducting security authorizations and/or system-level evaluations of federal information systems and networks including the critical infrastructure of DHS HQ.
- Stay abreast of industry and Government standards, including DHS and DHS HQ Security Policies and Technical Standards.
- Advise the Government on new standards and make recommendations on new IT Security technologies to improve efficiencies.
- Conduct SA Kick-off Meetings;
- Prepare the Security Assessment Plan (SAP);
- Conduct the SA via document examination, interviews and manual assessments;
- Analyze automated scan results;
- Utilize IACS/Xacta to document the results of security assessments;
- Perform Risk Analysis;
- Utilize IACS/Xacta to create a Security Accreditation Report (SAR);
- Create a Plan of Action and Milestones (POA&M);
- Conduct security assessment findings meetings with the System Owner, ISSO and other system personnel as required.
- Communicate with ISSO on continuous monitoring activities related to Plan of Action and Milestone closures, waivers and exceptions;
- Coordinate courtesy scans with ISSOs and Security Engineers as requested by assigned systems;
- Advise new system development teams on DHS and DHS HQ Security Policies and Technical Standards;
- Track security activities of assigned systems and brief senior leadership on said activities;
- Attend Security Training as requested by senior leadership;
- Advise ISSOs on successful completion of System Security Plans, Contingency Plans, FIPS 199 and E-Authentication Workbooks.
- Responsible for ensuring assigned systems are decommissioned according to DHS Media Sanitization Policies.
- Minimum of 3 years' demonstrated experience conducting vulnerability assessment and analysis of operating platforms (e.g. UNIX, Solaris, and Microsoft). Minimum of 3 years' experience performing compliance testing and analysis of web-facing applications and database schemas. Minimum of 2 years' demonstrated experience conducting Security Assessments and Security Authorizations for classified systems. Minimum of 3 years' related security experience.
- Certification: Certification and Accreditation Professional (CAP), CISSP, CISM or CISA certification is strongly preferred.
- Proficiency in MS Word, as the role involves writing several security artifacts, including documents such as Security Assessment Plans.
- Contractor must be proficient in developing and presenting, both verbally and in writing, highly technical information and presentations to non-technical audiences at all levels of the organization.
- Working knowledge of the NIST 800 series publications, including but not limited to 800-30, 800-37, 800-53 and 800-53A.
- Experience operating vulnerability scanning tools (e.g. Nessus, AppDetective, WebInspect and ISS) and others as required.
- Experience performing analysis of data from the scanning tools.
- Travel: 0%
Strong verbal and written communication skills are highly preferred. It is highly desirable that candidates possess strong interpersonal skills. Candidates must be fluent in the English language.
Candidates may be asked to provide a writing sample.
Knowledge Consulting Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, or disability status.
If interested in the position, please apply directly through our website:
If you have questions or have trouble applying, you may contact: email@example.com.