Sr. IT Security Specialist/Sr. Risk Analyst

• Develop, update and maintain appropriate Security Authorization (SA) packages based on NIST standards for general support systems and major applications
• Recommend appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major application
• Develop and maintain POA&Ms for all accepted risks upon completion of system SA.
• Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the security authorization guidelines and procedures
• Work with the FISMA Tool Xacta to develop SA related documentation and track POA&M and vulnerability status.

• Must possess 2 years dedicated information assurance/cyber security experience.    B.S. Degree in a related field is required but may be substituted with 4 additional years of professional Information Assurance experience. CISSP or CISA preferred.
• Ability to and interest in providing support and guidance to System Owner’s through the six phases of the Risk Management Framework (NIST 800-37) and  monitoring of Security Authorization (SA) artifact compliance, annual self-assessment (NIST 800-53A) completion, vulnerability scans, annual contingency plan testing, POA&M management and continuous monitoring.  Must possess experience with FISMA and understand FISMA requirements. DHS FISMA related requirements experience a plus.
• Ability to work effectively in a team management environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.
• Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.
• Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions and recommendations in a clear, technically sound manner on matters associated with IT security.
• Experience with developing Security Controls Assessment (SCA) schedules, Security Assessment Plans and analyzing the results of SCA activites to evaluate the existence and effectiveness of 800-53 security controls and developing the Security Assessment Report
• Be prepared to security-related guidance on business processes, emerging technologies/development and acquisitions and vulnerability assessments and mitigation approaches.
• Experienced and capable in providing IA/security consulting services to enable the client to move past traditional C&A/SA approaches to an environment of ongoing authorization and continuous monitoring based on sound risk management practices

Desired Skills:

• Working knowledge of the FISMA tool, Xacta. 
• Awareness and knowledge of current information security issues and the ability to interpret the requirements of relevant policies and standards set forth in NIST documentation, specifically, SP 800-37, SP 800-53A, SP 800-137, FIPS-199/200, and 800-30.
• Knowledge of NIST in regards to how it applies to FISMA reporting.
• Above average skills in MS Excel, and MS Access (to include ability to write macros and/or code)
• Experience with continuous monitoring
• CAP (Certification and Accreditation Professional)
• CISA (Certified Information System Auditor) or CISSP (Certified Information System Security Professional)