Job Title: Security Assessor
Job Location: Springfield, VA
Job Type: Fulltime Perm
Description
Seeking a Security Assessor in support of multiple systems within a large federal government agency. Candidate should have a background in technology with a strong history of secure technical implementations as well as an understanding of security auditing. Additionally, the candidate should have experience working with security compliance and associated industry/government standards. Candidate will work closely with a supportive and talented team of ISSOs supporting multiple agency systems.
Responsibilities:
- Create memos and/or policies for management to review
- Review and assist the ISSO’s in updating documents as needed to be in line with current polices including but not limited to:
- Privileged Users (Provisioning, Separation, and Recertification) SOPs
- Vulnerability Scans SOPs
- SPLUNK Audit Log Review SOPs
- Patching SOPs
- Service & Account Management SOPs
- Separation of Duties SOPs
- Training/coaching EDME personnel on how to answer and provide documentation to auditors. This includes:
- Creating training materials
- Scheduling and providing training sessions
- Assisting the ISSO’s in gathering documentation for auditors including but not limited to documentation per system or per security control
- Providing policy documentation and presentations as requested
Must Haves:
- Over 10 years of experience and both a B.S. and M.S. degree. Bachelor of Science (BS) can be substituted with an additional 4 years of related experience, and a Master of Science (M.S.) can be substituted with an additional 2 years of related experience.
- Security Certification at level 2 of the 8570
- Minimum of 10 years of specific experience with NIST 800-53 policies.
- Experience with Security Auditing
Nice to Have:
- Experience with DHS 4300A a plus.
- Excellent communication skills with the ability to state messages in a clear and concise manner over any form of communication.
- Ability to multi-task, prioritize, and re-prioritize work in a fast-paced environment
- Experience in engineering IT systems (RedHat, Windows, and databases), as well as working knowledge of current technologies.
- Ability to learn an application environment to update and/or create supporting security documentation.