Location
Herndon, VA | United States
Job description
This role will support the project Security SME in guiding the security direction on the program.
GENERAL DUTIES:
- Work with architecture and software development teams to document security control implementation in compliance with NIST 800-53 rev 4 control requirements
- Work with technical teams to understand the implementation and how it maps to the identified security control
- Ensure compliance with all systems security requirements and updates, providing guidance and instruction as necessary to personnel and development teams
- Ensure Configuration Management (CM) for security-relevant software, hardware, and firmware is documented and maintained
- Support ATO/certification and accreditation activities ensuring that system security requirements are met
- Support and track the resolution of Vulnerability Alerts and Plan of Action and Milestones (POAMs)
- Track status of all system ATOs and recertification efforts
- Work with the team to initiate protective and corrective measures when a security incident or vulnerability is discovered
- Maintain relationships with customer security counterparts
REQUIRED QUALIFICATIONS:
- Bachelor's degree in a related field and 8-10 years' experience; or MS degree and 6-8 years' experience; or high school diploma/equivalent and minimum 12 years' experience
- Experience in Stage 3 of the RMF process writing security control implementation statements for systems in development, to deliver for evaluation and testing to the RMF4 team in support of ATO per the NIST 800-53 rev 4 control set
- Experience working in Agile/Scrum
- Experience supporting the Accreditation and Certification process and obtaining an Approval To Operate (ATO) in accordance with the U.S. Federal Information Systems Risk Management Framework (RMF)
- Experience in the NIST Framework and ISO Standards
- Experience in tracking and resolving Vulnerability Alerts and Plan of Action and Milestones (POAMs)
- Experience developing artifacts for the System Security Plan (SSP)
- Experience working on multiple concurrent activities such as simultaneous ATOs
- Excellent verbal and written communication skills to interact effectively with multiple internal and external teams and with clients
DESIRED QUALIFICATIONS:
- Experience with security controls and ATO process for cloud-based environments including deploying solutions on public/hybrid clouds
- Familiarity with DevSecOps, SDLC, CI/CD pipelines, and related Agile processes
- Familiarity with any of the following: Jenkins, Docker, or other CD integration tools, and Fortify, CAST, or other SAST/DAST testing tools
CLEARANCE: