Information Assurance Analyst - Reston, United States - Demo - Maximus

Description

Job Summary

Who We Seek:

• Passion Seekers. You genuinely care about the work that you do and its impact on society.
• Self-Starters. You're a go-getter who isn't afraid to step up and disrupt the status quo.
• Entrepreneurs. You bring fresh ideas to the table, work hard, develop business and consistently seek new challenges.
• Collaborators. You're a great contributor to a high performing team that accomplishes great feats for our clients.

What You Will Do:

• Ensure the incorporation of industry best practices throughout the Cyber program which consists of defending the IT environment from cyber threats; detecting compromises, weaknesses and incidents; and responding to those events to prevent further damage.
• Assist the Cyber Security Manager with security control's Continuous Monitoring (CM) and Continuous Diagnostic and Mitigation (CDM) planning and implementation, and the creation and maintenance of all associated Certification and Accreditation (C&A) documentation in accordance with Federal, DOE and NETL regulations, procedures and processes.
• Participate in the effort to adopt and institutionalize the Twenty Critical Security Controls for Effective Cyber, Defense: Consensus Audit Guidelines (CAG).
• Provide support to develop, document, implement, review and revise policies and procedures compliant with the requirements defined in the NETL Program Cyber Security Plan (PCSP), the Undersecretary of Energy PCSP, and DOE Order 205.1B, commensurate with the level of security required for the environment and special needs of NETL.
• Provide cybersecurity planning, reporting and implementation consistent with NETL, Under Secretary, and Departmental policies and requirements.
• Provide support related to establishing and/or maintaining the certification and accreditation of IT systems and applications within the appropriate NETL boundaries or enclaves using the risk management approach outlined in DOE Order205.

1B and the Undersecretary of Energy PCSP, including the following duties:

• Ensure that users are granted access to information systems' resources based on the least privilege required principle.
• Document any special protection requirements identified by the application owner, data owner, or data steward, and ensure that these requirements are included within the protection measures implemented in the information system.
• Ensure that the organization's Cyber Security Program Manager (CSPM) is notified when an IT system or application is no longer needed or when changes occur that might affect its accreditation.
• Ensure that users and systems administrators are properly trained in information system security.
• Continuously conduct cyber security audits, reviews and tests to ensure that the cybersecurity features and controls are functioning and effective.
• Ensure the performance of risk assessments to determine whether additional countermeasures beyond those identified in the relevant system security plan are required and whether an identified unique local threat exists.
• Ensure appropriate and effective measures have been implemented to prevent unauthorized personnel from being granted use of or access to an IT system or application.
• Ensure the appropriate operational security posture is maintained for IT systems and applications.
• Document residual risk and mitigation measures such that the Approving Authority (AO) or the Approving Authority Designated Representative (AODR) can make a determination/decision relative to acceptability of risk and the resultant impact on an authority to operate.
• Ensure compliance with all Program Cyber Security Plan requirements and documentation, including but not limited to network connections, security impact analyses, change control, and Plan of Action and Milestones (POA&M).
• Work closely with internal and external stakeholders to ensure compliance with cybersecurity policies, procedures and "Best Practices" for the identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of countermeasures
• Help support and deploy cloud initiatives and services within NETL, around the processes.
• Proficient in AWS, GCP or Azure Storage, database, system design, dynamic hosting, virtualization.
• Experience and knowledge with Cloudwatch and/or Kion for cloud management, compliance, and governance.
• Solid understanding of cloud computing and technology
• Designing and transferring/deploying applications to the cloud, through normal SDLC practices.
• Must have experience in Docker containerization and container orchestration tools like Kubernetes.
• Support and use current methodologies such as Agile an Dev/Ops as the Cyber leader.
• Experience with AWS,GCP and Azure managed service, infrastructure automation, capacity monitoring automated scaling and resiliency solution
• Experience in designing and automated CI/CD workflows and tools, using Jenkins, GitLab, GitHub ,or similar tools
• Experience with infrastructure as code automation technologies such as Terraform, Ansible, or similar tools.
• Networking cloud knowledge or savviness within Cloud/on-prem peering, cloud to cloud peering and cloud on-prem / ESNet peering.

What You Need:
The ideal candidate will possess the following education, skills, and experience:

• Bachelor's degree and two (2) years or related experience, or Associates degree and four (4) years or related experience, or six (6) years of related experience
• Government Cyber Security experience is highly desired
• A Certification in Cyber Security (e.g., CISA, CISM, CAP, CCSP or SANs Program certifications) is highly desired
• ComptTIA Cloud+
• Solid understanding of cloud computing and technology
• Understanding of information technology and telecommunications systems; working knowledge of network interoperability, cybersecurity, and survivability issues, including cybersecurity best practices and standards
• Strong understanding of enterprise IT, including networking infrastructure, systems administration, data centers, and software applications and the development life cycle
• In depth knowledge of NIST and Federal Information Processing Standards (FIPS) to include NIST 800-37, FIPS 199, and 200
• Reasoning and problem-solving skills
• Cloud provider certifications that would be beneficial, fundamentals, administrator, solutions architect, developer, security engineer
• Work independently with limited supervision as a member of a cooperative team
• Work in a matrix organizational structure and distributed team environment
• Recognize and deal appropriately with confidential and sensitive information
• Ability to implement project plans and document progress of assigned tasks
• Ability to prepare and deliver presentations to technical and non-technical audiences
• Strong written and verbal communication skills

Due to Federal Requirements, US Citizenship is required.

Education and Experience Requirements

This job is reserved for Attain only. Attain job description is under review.


MAXIMUS Introduction

Since 1975, Maximus has operated under its founding mission of Helping Government Serve the People, enabling citizens around the globe to successfully engage with their governments at all levels and across a variety of health and human services programs.

Maximus delivers innovative business process management and technology solutions that contribute to improved outcomes for citizens and higher levels of productivity, accuracy, accountability and efficiency of government-sponsored programs.

With more than 30,000 employees worldwide, Maximus is a proud partner to government agencies in the United States, Australia, Canada, Saudi Arabia, Singapore and the United Kingdom.

For more information, visit

As a large employer and Federal contractor, Maximus is subject to various vaccine mandates across our lines of business. Maximus is committed to complying with any applicable vaccine mandates. The specific vaccine requirements for this position will be outlined throughout the selection process.

Individuals who believe they may qualify for a medical or religious accommodation will have the opportunity to apply for an accommodation following an offer of employment.

EEO Statement:

Active military service members, their spouses, and veteran candidates often embody the core competencies Maximus deems essential, and bring a resiliency and dependability that greatly enhances our workforce.

We recognize your unique skills and experiences, and want to provide you with a career path that allows you to continue making a difference for our country.

We're proud of our connections to organizations dedicated to serving veterans and their families.

If you are transitioning from military to civilian life, have prior service, are a retired veteran or a member of the National Guard or Reserves, or a spouse of an active military service member, we have challenging and rewarding career opportunities available for you.

A committed and diverse workforce is our most important resource. Maximus is an Affirmative Action/Equal Opportunity Employer.

Maximus provides equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status or disabled status.