VariQ has an exciting opportunity for a highly qualified Technical Consultant/POA&M SME to support Plan of Action and Milestones (POA&M) Management and System Security Plan (SSP) reviews at the SEC in Washington, DC.
Role: As the Senior Security Specialist for this engagement, the successful candidate will serve as a technical consultant and SME regarding federal information and cybersecurity doctrine, including FISMA and the NIST issuances. Our client’s FISMA compliance program is risk-based (in agreement with NIST issuances), with a lifecycle that leads to and sustains ATOs.
The candidate will join a seven-person team: five Senior Security Analysts, one of whom leads the POA&M process, and two Security Analyst IIs, who are more junior members. Additional members may join the team as part of surge support. The team is supported by a part-time program manager; these positions therefore require self-motivated, educated, and mature candidates who are comfortable working with minimal supervision, and who have the gravitas to speak with authority and earn the respect of the team’s members and the client’s personnel, including senior leadership.
While this position will focus on POA&M Management and SSP Reviews, all members of the team are required to learn and support the various aspects of the work required under this task. The client has licensed the RSA Archer™ product as a FISMA/SA&A support tool, primarily for use in POA&M and ISA/MOU (~30) management, as well as general security reporting and tracking. The client must also submit the customary CyberScope data, including PMC, CAP, and FISMA inventory information. Our client is currently sustaining a FISMA portfolio of approximately 100 systems, with a mix of general support systems as well as major/minor application systems. All systems require at least an annual update to the SSP, but only about 30 systems each year require new or heavily updated SSPs. Our client uses the traditional per-system SSP model, as well as program-level SSPs that support reuse and common control inheritance. Many of our client’s applications are being moved to the cloud, using the government’s FedRAMP program.
As our Senior Security Specialist, you will be a key technical member of the team, charged with sustaining and evolving the specified elements of the SA&A program, including the processes and tools employed throughout our client’s FISMA compliance program.
The successful candidate will:
Required Experience and Abilities:
Years of Experience: At least 10 years of federal information security experience. At least five years involving the SA&A and security planning processes. At least 1 year of experience with POA&M Management.
Professional Certifications: Candidates must hold one or more of the following certifications (or equivalents): Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and/or CompTIA Security+.
Clearance: Candidates will have to be favorably adjudicated for access to Sensitive but Unclassified (SBU) / Controlled Unclassified Information (CUI) following a background suitability and records check.
VariQ is an equal opportunity employer.