VariQ has an exciting opportunity for a highly qualified Senior Security Specialist/Technical Consultant to support the SEC in Washington, DC.
Role: As the Senior Security Specialist (S3) for this engagement, the successful candidate will serve as a technical consultant and SME regarding federal information and cybersecurity doctrine, including FISMA and the NIST issuances. Our client’s FISMA compliance program is risk-based (in agreement with NIST issuances), with a lifecycle that leads to and sustains ATOs. Like most federal agencies, our client is constantly improving and refining systems, developing and deploying new systems, refreshing technologies, and incorporating new products as the IT market advances. Simultaneously, our client must address the ever-evolving threat landscape, changes in statute, standards, and regulations, and the continuous adaptation of their information security program to provide appropriate, cost-effective security in the midst of all of these factors.
The successful candidate will be a member of a four-person team: the candidate, another S3, and two Security Analyst IIs, who are more junior members. Additional members may join the team as part of surge support. Your team will be supported by a part-time program manager (who will handle finances and provide minor oversight to ensure that client needs are being met) and a part-time technical writer (who will help with QA on deliverables). Thus, these positions require self-motivated, educated, and mature candidates who are comfortable working with minimal supervision, and who have the gravitas to speak with authority and earn the respect of the team’s members and the client’s personnel, including senior leadership.
While the S3 will focus on more complex and technical aspects of the support needed by this client, all members of the team are required to learn and support the various aspects of the work required under this task. The client has licensed the RSA Archer™ product as a FISMA/SA&A support tool, primarily for use in POA&M (~300 plans) and ISA/MOU (~30) management, as well as general security reporting and tracking. The client must also submit the customary CyberScope data, including PMC, CAP, and FISMA inventory information. Our client is currently sustaining a FISMA portfolio of approximately 100 systems, with a mix of general support as well as major/minor application systems. All systems require at least an annual update to the SSP, but only about 30 systems each year require new or heavily updated SSPs. Our client uses the traditional per-system SSP model, as well as program-level SSPs that support reuse and common control inheritance. Many of our client’s applications are being moved to the cloud, using the government’s FedRAMP program.
As our Senior Security Specialist, you will be a key technical member of the team, charged with sustaining and evolving the specified elements of the SA&A program, including the processes and tools employed throughout our client’s FISMA compliance program.
The successful candidate will:
Required Experience and Abilities:
Years of Experience: At least 10 years of federal information security experience. At least five years involving the SA&A and security planning processes. At least two years of experience with compliance audit support. At least two years of hands-on experience with CyberScope and a security-relevant GRC tool.
Professional Certifications: Candidates must hold one or more of the following certifications (or equivalents): Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and/or CompTIA Security+.
Clearance: Candidates will have to be favorably adjudicated for access to Sensitive but Unclassified (SBU) / Controlled Unclassified Information (CUI) following a background suitability and records check.
VariQ is an equal opportunity employer.