The SAIC team currently has an opening for a Senior Information Security Analyst to support a Department of State (DoS) Bureau of Information Resource Management (IRM) program. This program provides transparent, interconnected systems security, supporting the DoS in successfully carrying out its U.S. foreign policy mission. IRM provides enterprise architecture design, engineering, cyber security, operations and maintenance support services for desktops, servers, networks, firewalls, and enterprise applications across the Department. The program is named "Vanguard 2.2.1" and is an IT operations, consolidation and modernization program consisting of the Department's servers, mainframes, network devices, network perimeter, anti-virus engineering, public key infrastructure (PKI)/biometrics/encryption, monitoring tools, telephony, mobile computing platform, virtual environment, cloud computing, and enclave design/security engineering.
This position is within the Vanguard 2.2.1 program, supporting steps 1 through 3 and step 6 of the Risk Management Framework's (RMF) Assessment and Authorization (A&A) process for DoS systems. Steps 1 through 3 and 6 are the primary responsibility of system owners, ensuring security-related documentation is finalized and security control compliance is validated prior to submission to independent assessors. This position will require significant interaction with the DoS and contractor staff and with the DoS Cyber Operations Directorate within IRM. The work location is in the Washington, D.C. metropolitan area but may require CONUS travel for short trips.
- Providing system owner support throughout the A&A process by providing guidance to, and coordinating the efforts of, relevant system operators across the environment.
- Working collaboratively with system owners and operators to complete system security plans (SSPs) and continuity of operations plans (CoOPs), respond to SCA findings, establish and execute Plans of Action and Milestones (POA&Ms), and identify, implement and document mitigating controls.
- Compiling and submitting A&A packages for independent security control assessor (SCA) review and assessment.
- Optimizing the process for centrally tracking and reporting on security-related status for all IRM systems (i.e., ATO status, POA&M status, etc.).
- Supporting and interacting with customers, at the highest levels, as required.
Required Education, Experience, & Skills
- Bachelor's degree and six (6) years or more of experience, or Master's degree and three (3) years or more of experience.
- Hands-on experience with traditional A&A using NIST Special Publications (SPs) including SP800-53 Rev 4 and SP800-37 Rev 2.
- All candidates for consideration must hold an Interim Secret clearance with eligibility to obtain Top Secret clearance.
Desired Education & Skills
- A&A-related project leadership experience
- Experience with CNSSI 1253
- One of the following certifications:
  - ISACA Certified Information Systems Auditor (CISA)
  - SCP Security Certified Network Architect (SCNA)
  - (ISC)2 Certified Authorization Professional (CAP)
  - GIAC Systems and Network Auditor (GSNA)
  - (ISC)2 Certified Information Systems Security Professional (CISSP)
  - GIAC Security Leadership (GSLC)
  - ISACA Certified Information Security Manager (CISM)
- PMI Project Management Professional (PMP) certification
- A relevant hands-on technical certification (e.g., Microsoft MCSE)
- Experience with, and knowledge of, IT security architecture and engineering
- Familiarity with DoS environment (data and voice networks, IT security systems, policies and procedures), Foreign Affairs Handbooks (FAHs), Foreign Affairs Manuals (FAMs) and DoS IRM/IA C&A Tool Kit, and DIACAP