VariQ has an exciting opportunity for a highly qualified Senior Security Specialist/Technical Consultant to support a client in Washington, DC.
Role: As the Senior Security Specialist (S3) for this engagement, the successful candidate will serve as a technical consultant and subject matter expert (SME) regarding federal information and cybersecurity doctrine, including FISMA and the NIST issuances. Our client’s FISMA compliance program is risk-based (in agreement with NIST issuances), with a lifecycle that leads to and sustains ATOs. Like most federal agencies, our client is constantly improving and refining systems, developing and deploying new systems, refreshing technologies, and incorporating new products as the IT market advances. Simultaneously, our client must address the ever-evolving threat landscape, changes in statute, standards, and regulations, and the continuous adaptation of their information security program to provide appropriate, cost-effective security in the midst of all of these factors.
The successful candidate will be a member of a nine-person team: the candidate, a Program Manager (PM), five Senior Security Specialists (S3) and two Security Analyst IIs, who are more junior members. Additional members may join the team as part of surge support. The team will be supported by a part-time Director (who will handle minor oversight to ensure that client needs are being met) and a part-time technical writer (who will help with QA on deliverables). This position requires a self-motivated, educated, and mature candidate who is comfortable working with minimal supervision and has the gravitas to speak with authority and earn the respect of the team’s members and the client’s personnel, including senior leadership.
While the S3 will focus on more complex and technical aspects of the support needed by this client, all members of the team are required to learn and support the various aspects of the work required under this task. The client has licensed the RSA Archer™ product as a FISMA/SA&A support tool, primarily for use in Plan of Action and Milestone (POA&M) and ISA/MOU management, as well as general security reporting and tracking. All systems require at least an annual update to the SSP, but only about 30 systems each year require new or heavily updated SSPs. Our client uses the traditional per-system SSP model, as well as program-level SSPs that support reuse and common control inheritance. Many of our client’s applications are being moved to the cloud, using the government’s FedRAMP program.
As our Senior Security Specialist, you will be a key technical member of the team, charged with sustaining and evolving the specified elements of the SA&A program, including the processes and tools employed throughout our client’s FISMA compliance program.
The successful candidate will:
Required Experience and Abilities:
Years of Experience: At least 10 years of federal information security experience. At least five years involving the SA&A and security planning processes with demonstrated leadership roles. At least two years of experience with compliance audit support. At least two years of hands-on experience with a security-relevant GRC tool.
Professional Certifications: Candidates must hold one or more of the following certifications (or equivalents): Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and/or CompTIA Security+.
Clearance: Candidates will have to be favorably adjudicated for access to Sensitive but Unclassified (SBU) / Controlled Unclassified Information (CUI) following a background suitability and records check.
VariQ is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.