Cybersecurity/Lead System Security Assessor

Job Locations US-DC
Job ID
2018-3126
# of Openings
3
Category
IT Security
Clearance
Public Trust
Work Authorization
US Citizens, preferred

Overview

VariQ’s Cybersecurity Line of Business is seeking team members with strong cybersecurity analytical skills in the areas of security assessments, continuous monitoring, and privacy, to support a US Government client. This highly visible and critical position includes developing security plans and business impact analyses, as well as performing, security categorizations, contingency planning, and control assessments.  The team also provides consulting services to the client on the best practices within the Risk Management Framework (RMF), waterfall to agile migrations, and the rollout of the Department of Homeland Security’s Continuous Diagnostics and Mitigation (DHS CDM) technologies.

 

Additional Information:

  • Location: Washington, DC
  • Salary: Dependent upon experience
  • Security Clearance: Public Trust (DoD Secret is preferred)
  • Available: within 30 days

Responsibilities

Serve as the Team Lead overseeing a team of Security Assessors responsible for multiple security compliance activities, while also leading assessment activities and interfacing directly with key customer stakeholders:

 

Key Responsibilities: 

  • Oversee the complete Security Assessment and Accreditation (SA&A) process for multiple business functions with hardware, software, and networking technologies requiring an Authority To Operate (ATO).
  • Apply your in-depth knowledge of NIST SP 800-53 and NIST SP 800-37 to perform detailed security assessments of all FISMA-categorized information systems.
  • Follow a Risk Management Framework (RMF) to categorize, implement, and assess all security controls; then use client templates to create and manage ATO-related deliverables, some of which include, but are not limited to, the following:
    • Business Impact Analyses (BIAs)
    • Privacy Threshold Analyses (PTAs) / Privacy Impact Assessment (PIA)
    • System Security Plans (SSPs)
    • Security Assessment Report (SARs) / Vulnerability Assessment Reports (VARs)
    • Plan of Action and Milestones (POA&Ms)
  • Work directly with Subject Matter Experts (SMEs) throughout the SA&A process to resolve issues and answer questions related to all aspects of the RMF life cycle.
  • Liaise with the Cybersecurity Compliance office to properly vet all deliverables for their submission to the Authorizing Official (AO).
  • Assist the Program Management team to help manage the delivery of multiple ATO packages.
  • Participate in Continuous Monitoring activities and initiatives.
  • Support other Cybersecurity priorities, as advanced by evolving Compliance needs. 

Qualifications

Experience with the following:

  • FISMA 2002 and 2014
  • NIST Cybersecurity Standards (800 series)
  • Privacy Program Support
  • Risk Management Framework
  • System Security Lifecycle Support

 

Required:

  • Lead must have a current CISSP certification
  • Mid-level assessors must have a current CAP certification

Desired:

  • CISM and CISA certifications are highly valued.
  • Intermediate to advanced knowledge of MS Office, especially Excel, Visio, and SharePoint
  • Securing Industrial Control Systems (ICS) / Supervisory Control and Data Acquisition (SCADA) systems is a plus.

 

 

VariQ is an equal opportunity employer.

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed