SME - Information System Security Manager

US-VA-McLean

External

Req #: 5464
Type: Full-Time

Steampunk

Overview:

Steampunk is seeking a Subject Matter Expert (SME) Information System Security Manager to support our Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) clients. CISA leads the national effort to understand, manage, and reduce risk to critical infrastructure. CISA is charged with leading the Nation's strategic and unified work to assure the security and resilience of the nation's cyber systems, protecting the American way of life.

Responsibilities:

* Responsible for leading teams in the RMF assessment, authorization, and monitoring steps for CISA systems following NIST and IDD 503 standards and best practices.
* Maintain ongoing knowledge of Federal policies and practices related to cybersecurity.
* Possess excellent verbal and written communication skills.
* Have knowledge, skills, abilities, and experience with common assessment and authorization (A&A) application platforms (e.g. eMASS, CSAM; Xacta is preferred) for performing tasks, as well as strong architecture, network, and infrastructure security.
* Strong next gen security expertise (agile/hybrid agile, cloud).

* Maintaining an asset inventory of hardware and software within the program/development offices or field site facility;
* Ensuring that security requirements for the assigned major application or general support system are being or shall be met;
* Ensuring that requests for Security Authorization (SA, also commonly referred to as Assessment & Authorization or Certification and Accreditation) of assigned major application or general support systems are completed in accordance with the published procedures;
* Coordinating the development of a Contingency Plan and ensuring that the plan is tested and maintained;
* Ensuring risk analyses are completed to determine cost-effective and essential safeguards in alignment with government and industry best practice (e.g. NIST 800-30, 37, 39);
* Ensuring preparation of security plans for sensitive systems and networks;
* Reporting IT security incidents (including computer viruses) in accordance with established procedures;
* Reporting security incidents not involving IT resources to the appropriate security office; and representing the security team as part of change management for assigned information systems.

Qualifications:

* Active TS security clearance
* 10+ years of proven experience performing security controls assessments.
* Bachelor's degree.
* Extensive experience working with various security methodologies and processes and with compliance controls related to cloud security, and performing assessments in cloud computing environments.
* Extensive experience providing analysis and trending of vulnerability data from many heterogeneous devices.
* Possess expert knowledge in risk and vulnerability management.
* Familiarity with one or more of DHS Directive 4300A, FIPS Pubs 199 & 200, and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, 800-60
* Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring
* Experience with POA&M management and GRC tools
* Ability to perform Security Authorization and Risk Analysis and Assessment
			