Information Security Specialist - Reston, United States - Cape Fox Federal Integrators

Cape Fox Federal Integrators
Reston, United States

3 weeks ago

Posted by: Mark Lane (beBee recruiter)


Description

Job Description:


  • Provide multi-disciplined security administrative and technical security support to the organization; areas of responsibility include Physical, Computer, Personnel, Information, Administrative, Operational, and Communications Security analysis, assessment, and reporting
  • Provide recommendations to organizational stakeholders for the integration of security processes and compliance with Federal regulations and Departmental policy
  • Direct security efforts to increase efficiencies and enforce a global security mindset
  • Provide strategic guidance for the further development of the security program
  • Develop policies and procedures supporting regulations, directives, and Departmental policy
  • Assist senior management with establishing a plan of action for the remediation of weaknesses
  • Provide direct information assurance guidance pertaining to the development and modification of information systems and industrial control systems
  • Provide strategic insight and continuous support for the integration of the system development life cycle
  • Provide recommendations concerning new and existing projects and assist project managers with security oversight
  • Coordinate with representatives and Subject Matter Experts (SME) from other Federal Agencies and commercial organizations to maintain awareness of upcoming changes to regulations and technologies
  • Develop Risk Assessments in accordance with NIST guidance and deliver risk analysis and guidance as needed to organizational leadership
  • Work with and be supported by NPS security personnel to perform the following tasks:
  • Responsible for the mapping and implementation of the necessary defined security controls as they relate to the NPS infrastructure on NPS owned devices in accordance with government identified General Support Systems (GSS) and Subsystems
  • Develop, implement, and maintain security related documents to include:
      • System Security Plans (SSP)
      • Risk Assessments
      • Risk Acceptance documentation
      • Security Impact Analyses
      • Contingency Plans
      • Incident Response Plans
      • Plan of Actions & Milestones (POA&M)
      • Independent Security Assessment (ISA)
      • Memorandum of Understanding (MOU)
      • Service Level Agreements (SLA)
      • Assessment & Authorizations (A&A)
  • Provide input to auditors, to include providing artifacts to support current configurations
  • Conduct continuous monitoring to include maintenance of current ATO, monitoring compliance, conducting assessments, conducting periodic scans, auditing events and review of audit logs, and ensuring media is properly secured before transit or sanitized before disposal
  • Provide recommendations to the NPS on methods to minimize security impacts of new requirements and technologies in accordance with policies, federal laws, and mandates
  • Coordinate and facilitate meetings and regular interaction with System Owner, NPS IT Security personnel, data center personnel, change control board personnel, and data center end users, providing technical and non-technical security-based expertise, guidance, and documentation
  • Develop, communicate, and enforce security policies, procedures, and safeguards for all systems and staff, based upon Data Center and other government standards

Job Requirements:


  • Minimum Education + Experience:
  • Bachelor's Degree and six (6) years' relevant experience

OR

  • Master's Degree and five (5) years' relevant experience

OR

  • Eight (8) years' relevant experience
  • Industry-recognized technical certification accepted in lieu of one year experience
  • Minimum of four (4) years' direct full-time experience conducting security assessments and developing all deliverables within a system authorization package
  • Must have detailed and extensive experience with implementing, evaluating, and documenting all technical, management, and operational security controls as defined by the NIST SP as amended)
  • Direct experience developing IT security policies, architectures, and standard operating procedures with a strategic perspective
  • Extensive knowledge of and practical experience with implementing standard methodologies used in the Risk Management Framework (RMF) process (Formerly referred to as Certification and Accreditation (C&A))
  • Expert-level knowledge and experience with National Institute of Standards and Technology (NIST) guidelines and industry best practices for: risk assessment and management, vulnerability analysis, contingency planning, disaster recovery, configuration management, security assessments and developing mitigation plans
  • Extensive knowledge and experience in delivering security administration support to the data center which includes incident reporting, planning, standards compliance, platform configuration management, cyber security vulnerability tracking (to include coordinating with customers and creating artifacts showing compliance), and the secure user access and management processes for the NPS Enterprise Data Centers
