Security Assessor (Hybrid)

Location

Silver Spring, MD | United States

Job description

ITegrity is an award winning and rapidly growing 8(a) small business that provides IT and Engineering services in the Federal Civilian and DoD space. ITegrity recently received the 2022 Prime Contractor of the Year for the Mid-Atlantic Region from the SBA and our CEO recently received the 2022 Small Business Person of the Year for Maryland. We are seeking a Security Assessor to work on an exciting project with the federal government.

Ensure systems are operated, maintained, and disposed of in accordance with internal security policies and practices outlined in the security plan. Initiate, with the approval of the CISO, protective or corrective measures when a security incident or vulnerability is discovered. Develop and maintain System Security Plans (SSP) and conduct periodic reviews to ensure compliance with the SSP. Provide technical and analytical guidance to project teams. Ensure Configuration Management (CM) for security-related IS software, hardware, and firmware is maintained and documented. Ensure that system recovery processes are monitored and security features and procedures are properly restored. Ensure all IS security-related documentation is current and accessible to properly authorized individuals. Formally notifying the CISO and Authorizing Official when a system no longer processes Controlled Unclassified Information or when changes occur that might affect a systems risk posture. Ensure that system security requirements are addressed during all phases of the system life cycle. Ensure procedures developed by the CISO, authorizing software, hardware, and firmware use before implementation on the system.

Basic Qualifications:

• 5 years of experience in IT security, including C&A and/or IT security risk analysis, preferably in support of the Federal Government.
• 5 Years of experience serving in an Information Systems Security Officer role capacity preferably in support of the Federal Government
• Experience conducting security control assessments for Security Assessment and Authorization (SA&A) using NIST SP 800-53 Rev4 and 800-53a.
• Understanding of computer security architectures and technical implementation of security controls - Knowledge of Federal Government C&A practices and policies, particularly FISMA, NIST SP 800-53, 800-171
• Knowledge of core security tool concepts (IDS, SIEM, Firewalls, Vulnerability Assessment tools, configurations compliance, etc.) and ability to analyze technical outputs and recommend process improvements at an enterprise level.
• US Citizenship in order to meet security requirements

Additional Qualifications:

• Industry certifications relating to IT security preferred (CISSP, GIAC, CEH, TNCP, etc.).
• CISSP Certification highly preferred ·
• BS degree in a related field preferred

Job tags

Salary

$135k - $150k