VariQ has an exciting opportunity for a highly qualified Security Analyst IV / Security Specialist to support our client in Denver, CO.
Role: As the Senior Security Specialist IV for this engagement, the successful candidate will serve as a technical consultant and SME regarding federal information and cybersecurity doctrine, including FISMA and the NIST issuances. Our client’s FISMA compliance program is risk-based (in agreement with NIST issuances), with a lifecycle that leads to and sustains ATOs. Like most federal agencies, our client is constantly improving and refining systems, developing and deploying new systems, refreshing technologies, and incorporating new products as the IT market advances. Simultaneously, our client must address the ever-evolving threat landscape, changes in statute, standards, and regulations, and the continuous adaptation of their information security program to provide appropriate, cost-effective security in the midst of all of these factors.
Your team will be supported by a part-time program manager (who will handle finances and minor oversight to ensure that client needs are being met) and a part-time technical writer (who will help with QA on deliverables). Thus, these positions require self-motivated, educated, and mature candidates who are comfortable working with minimal supervision, and who have the gravitas to speak with authority and earn the respect of the team’s members and the client’s personnel, including senior leadership.
While the Senior Security Specialist IV will focus on more complex and technical aspects of the support needed by this client, all members of the team are required to learn and support the various aspects of the work required under this task. The client has licensed the CSAM as a FISMA/SA&A support tool, primarily for use in POA&M, as well as general security reporting and tracking. The client must also submit the customary CyberScope data, including PMC, CAP, and FISMA inventory information. Our client is currently sustaining a FISMA portfolio of approximately 30 systems, with a mix of general support as well as major/minor application systems. All systems require at least an annual update to the SSP; all 30 systems each year require new or heavily updated SSPs. Our client uses the traditional per-system SSP model, as well as program-level SSPs that support reuse and common control inheritance. Many of our client’s applications are being moved to the cloud, using the government’s FedRAMP program.
As our Senior Security Specialist, you will be a key technical member of the team, charged with sustaining and evolving the specified elements of the SA&A program, including the processes and tools employed throughout our client’s FISMA compliance program, advising on template improvements, and providing thought leadership on the strategy for security posture improvements.
The successful candidate will:
Required Experience and Abilities:
Years of Experience: At least 8 years of federal information security experience. At least five years involving the SA&A and security planning processes. At least 5-6 years of experience with compliance audit support. At least two years of hands-on experience with CyberScope and a security-relevant GRC tool.
Professional Certifications: Candidates must hold one or more of the following certifications (or equivalents): Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and/or CompTIA Security+.
VariQ is an equal opportunity employer.