Key Responsibilities and Managed Outcomes:
·Manage and coordinate with team members to effectively execute tasks to ensure high quality deliverables and timely delivery.
·Serve as a skilled technical security advisor and security officer to business owners and stakeholders.
·Develop documentation as the primary author on RMF A&A documents including but not limited to the System Security Plan, Privacy Threshold Analysis, Privacy Impact Assessment, Contingency Plan, Configuration Management Plan, and Incident Response Plan.
·Implement quality assurance procedures to ensure a high level of quality in all deliverables submitted by the team.
·Perform and support security operations tasks including vulnerability management, implement role-based access controls, data-masking and analytics, audit log analysis, secure configuration management, etc.
·Provide tactical and strategic guidance to improve organizational security program.
·Provide security design and impact analysis for enterprise operations and solutions.
·Aid in various assessment activities including A&A security control assessments.
·Coordinate and communicate with system stakeholders as required to complete all aspects of the A&A process.
·Understand and articulate security architecture of systems and how it integrates with the enterprise security stack.
·Provide security design and security impact analysis on agency systems.
·Perform both technical and documentation continuous monitoring tasks.
·Keep abreast of changing audit guidelines, Federal guidance, and regulations.
·Lead and advise on POA&M remediation’s and control finding closures using evidential matter or other required closure evidence.
·Support security controls assessment activities.
·Proactively identify opportunities to enhance the efficiency and effectiveness of security processes, implementing best practices and lessons learned across security domains.
Required Skills:
·5+ years of technical experience in cybersecurity.
·5+ years of experience with Federal certification and accreditation A&A.
·5+ years of experience with maintaining IT security policies, processes, and guidance.
·Professional experience with a solid understanding of incident response, insider threat investigations, forensics, cyber threats, and information security.
·Experience with applying the NIST Cybersecurity Framework.
·Experience with Federal Risk and Authorization Management Program (Fed RAMP).
·Proficient understanding of the NIST RMF 800-137 Rev2 processes and the NIST security control set (800-53 Rev4, 800-53 Rev5).
·Experience with developing and managing continuous monitoring and plans of action and milestones (POA&M).
Desired Skills:
·Experience working with Cyber Security Assessment and Management (CSAM) tool.
·USDA security experience.
·Experience with AWS, Azure and other Cloud service providers.
Education:
·Bachelor’s degree in computer science, or related field. Master’s degree preferred.
·Security Certification: CISSP, CISM, CAP or equivalent certification preferred.
·Certified in AWS and/or Azure Security Specialty is preferred.
Bachelor’s degree