- Create, manage, and utilize Assessment Standard Operating Procedures and Testing Templates and ensure that assessments are conducted accurately, efficiently, and consistently.
- Create, manage, and utilize Assessment Guides and Training Material documents that assist system stakeholders in preparing for upcoming assessments. This includes, but is not limited to, Frequently Asked Question guides, workflows, and Training Materials.
- Create, manage, and utilize Check-Point Reviews to determine the readiness of the system for assessments. Includes the status of POA&Ms for the system, review of control implementations for applicability and the state of the Body of Evidence (BOE) materials to support the assessment.
- Manage Assessment Entrance Conference Briefing, creating agenda and meeting minutes for the system stakeholders on what to expect and when during the upcoming assessments.
- Draft Security Assessment Report (SAR) for review by the stakeholders to prepare for the Exit Conference.
- Manage Assessment Exit Conference Briefing, creating agenda and meeting minutes for the system stakeholders on the results of the Exit conference to determine the final SAR.
- Create Final Security Assessment Report for review by the stakeholders to prepare for the Exit Conference.
- Develop and maintain an overall Security Assessment Schedule that forecasts system assignments for contractor and stakeholder staff over the period of performance. The Assessment schedule needs to include assessments that meet the requirements of current DHS policy. Systems in Ongoing Authorization (OA) need to be assessed once a year. Systems not in the OA program need to be assessed at a minimum every three years or when a major change occurs. The schedule also needs to support new systems utilizing the Authority to Proceed (ATP) memo. New systems utilizing the ATP process assess the critical controls prior to being placed in production and then require a full assessment within one year after receiving the ATP.
- Develop testing artifacts for each system to include, as appropriate, the technical assessment plan, the Rules of Engagement (ROE), the Security Requirements Traceability Matrix (SRTM), the Security Assessment Report, and any other necessary documentation.
- Update and maintain all testing templates and Standard Operating Procedures (SOP) as needed, or on an annual basis per DHS guidelines, to include the utilization of the compliance tool.
- Create Assessment Guides to assist ISSOs, ISSMs, System Owners and other stakeholders to prepare for upcoming assessments. This includes but is not limited to Frequently Asked Questions (FAQs) guides, and Training Materials.
- Conduct and/or review vulnerability scans, review device configurations, and review system architecture. The Contractor will utilize vulnerability assessment tools as provided by the government. Test tools used to support the assessment process may include but are not limited to Nessus (vulnerability scanner), WebInspect (web application security testing and assessment), IACS, CSAM, and AppDetective (database vulnerability scanner). These tools are subject to change.
- Provide advisement and recommendations to the Government for assessment and security best practices including tools that are used for assessment activities.
- Arrange for physical access to the system, if applicable, with the specific System Owner and the specific facility manager(s). All contact information will be provided by the system's Information System Security Officer (ISSO). Alternatives to physical access to the system may be utilized if it does not compromise the assessment of the controls needed to be accomplished.
- Conduct an Assessment Kick-off meeting according to the Security Assessment Schedule that reviews the MGMT Compliance requirements, process, and artifacts to prepare the stakeholders for the scheduled assessment.
- Conduct up to two check point reviews after the kickoff, and prior to the planned assessment date to review the status of the artifacts in the compliance tool. Provide the checkpoint information to the assessment division and conduct reviews with the stakeholders as needed. As part of the check point review, the assessor will provide detailed criteria that would result in significant findings on the assessment or prevent the assessors from conducting an accurate assessment.
- Conduct an assessment entrance conference according to the Security Assessment Schedule that does a final overview of what is expected during the assessment.
- Execute the assessment through the review of system security documentation, vulnerability scan results, audit logs, configuration guides, and any other additional materials provided by the system and system stakeholders.
- Document the results of the technical assessments in the draft Security Assessment Report (SAR) with the criteria of the tests, testing methods, findings of the assessment and recommended mitigations. The draft SAR will be sent to the stakeholders one week prior to the exit conference as defined in the Security Assessment Schedule.
- Conduct an assessment exit conference according to the Security Assessment Schedule to review the findings of the draft SAR and address any final agreed changes.
- Based on the results of the exit conference, produce the Final SAR within 5 business days of the conference. The Final SAR will document the results of the technical assessments with the criteria of the tests, testing methods, findings of the assessment and recommended mitigations.
- Collect and securely store all final materials and media submitted by the system test team according to the SOP in the DHS compliance system. Draft systems assessment may use other DHS MGMT owned systems as appropriate.
- At least 4 years of NIST Security Control Assessor (SCA) experience.
- Must have led Assessment teams from planning through execution and finalization of an assessment.
- Capable of performing in a fast-paced environment.
- Strong communication skills both verbally and in written form.
- Mastery of control assessment requirements based on the NIST 800-53A.
- Technical expertise in assessing environments such as but not limited to Applications, Operating Systems, Databases, Appliances, Cloud Environments, and Physical environments to validate a full deployment of a defense in depth strategy.
- In-depth understanding of how to read Nessus scan reports and identify security vulnerabilities, configuration settings, and security compliance.
- Proficient technical writing skills developing control findings, detailed assessment reports, technical requests for the system engineers, and other security assessment documentation.
- Extensive experience conducting assessment interviews of system engineers, administrators, and other support personnel including demonstrations to accurately validate system configurations.
- Work well within and lead teams with a positive attitude and solve problems without supervision.
- Deep knowledge of Security Control testing and validation on both technical and policy areas.
- CSAM experience
- Working knowledge of DHS 4300 Policy +
- At least 1 year of Splunk experience or Splunk certification
- Required Experience 8 years.
- Required Education bachelor's degree in computer science or related field.
- Certification CISSP, CISM, CRISC, or CSSP
- Security Clearance Secret
ta7 - 10r information assurance senior security specialist assessment - Piscataway, United States - Softek International Inc
Description
Support in identifying cybersecurity deficiencies in information systems by performing technical assessments of assigned systems and applications to determine the severity of weaknesses. Supports the Security Authorization (SA) and Continuous Monitoring (CM), Risk Management Framework (RMF) process. Results of the assessments will be documented in the MGMT compliance tool (e.g., IACS, CSAM, etc.), utilizing a standard report format with the results and findings from the assessment, along with recommended mitigations. Results will also be entered into the compliance tool. The contract team performs the following tasks:
Duties/Responsibilities:
Experience: (MUST HAVE):
Experience/Years of Relevant Experience:
Education/Certificates:
Clearance: