Job title: Senior Security Analyst
Company: Olgoonik
Job description:
Overview: The CSIS Senior Security Analyst will support Diplomatic Security at the Department of State in the Office of the Chief Technology Officer (CTO). CTO is the primary IT group within the Bureau of Diplomatic Security, providing many web applications and other services used by Federal and local law enforcement officers worldwide.
Primary Responsibilities:
- Integrate and test new technology for compliance with IT security standards.
- Perform analysis to ensure security controls are consistently implemented throughout system development life cycle and continuous monitoring phase.
- Develop, document, and execute plans for monitoring, assessing, and verifying security controls across assigned information systems.
- Document security control implementation statements.
- Work with cross-functional teams across the Bureau to complete RMF steps 1 through 3, as required for RMF steps 4, 5, and 6.
- Provide recommendations, guidance, and corrective action for all non-compliant security controls.
- Responsible for knowledge of and assisting project teams in registering the systems in Archangel.
- Request, gather, and comprehend evidence required to close out open POAMs.
- Execution and knowledge of FISMA tasks that consist of system authorization/reauthorization, Privacy Impact Assessments, and system security categorization required for DS application systems.
- Conduct comprehensive self-assessments consisting of automated and manual security assessments of the management, operational, and technical security controls employed within or inherited by DS information systems to determine the overall effectiveness of the controls.
- Optimize processes to meet IT security-related goals and strategies by documenting lessons learned for each system and application by authorization month and year.
- Enter test results and artifacts into the bureau/department repository.
- Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions.
- Support bureau review of assessment activities, reports, and conclusions.
- Develop and maintain all required Assessment documentation following NIST 800-53 requirement for Steps 1, 2, 3, 4 (remediation of independent assessment findings), 5 (Provide artifacts for Authorization Official Approval/Review Package), 6 (Continuous Monitoring actions) of the Risk Management Framework for all Bureau managed systems.
- Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current.
- Provide guidance to key stakeholders on the necessary components to demonstrate the achievement of control objectives.
- Implement a NIST-compliant continuous monitoring process across all major information systems to provide periodic assurance to senior management on the security protections of major information systems.
- Support periodic assessment of a bureau-identified subset of security controls across assigned information systems.
- All other duties assigned.
Education and/or Experience:
- A technical B.A. or B.S. degree from an accredited university.
- A minimum of five to seven (5-7) years of experience in performing system and application certifications and accreditations.
- Advanced practical experience in managing all phases of systems A&A activities ranging from early concept development to system retirement.
- Demonstrated experience supporting Government agencies, preferably DOS.
- Demonstrated experience creating system continuous monitoring and contingency plans that identify critical mission and business functions and recovery processes and procedures.
- Expert in the processes and documentation requirements for RMF methodologies.
Knowledge, Skills, and Abilities:
REQUIRED:
- Knowledge of network security architecture concepts, including topology, protocols, components, and principles.
- Knowledge of NIST Rev 4 and 5 security controls.
- Proficient or able to gain proficiency with a broad array of security software applications and tools.
- Organized with attention to detail.
- Willing to learn.
PREFERRED:
- Certified Information Systems Security Professional (CISSP) and/or a Certified Information Systems Auditor (CISA)
- Prior server, networking, or application administrative, engineering or system architect experience.
- Experience working in a matrix organizational structure.
- Previous experience using Xacta, Archangel, JIRA, and/or Service Now
- Some knowledge of SDLC, project manager principles, and ITIL.
- Knowledge of the FAM and FAH Policies
Certificates, Licenses, Registrations: CISM, CISSP, CAP and/or other equivalent certificates
Security Clearance: SECRET Level Required
- Must have a current United States Government SECRET Personnel Security Clearance or be able to successfully complete a U.S. government administered Investigation.
- Must be a U.S. Citizen.
- Must be able to maintain a U.S. Government SECRET clearance.
Physical Demands: Must be able to physically and medically perform in a normal office environment. While performing the duties of this job, the employee is required to be able to occasionally stand; walk; sit; use hands and/or fingers to handle or feel objects, tools or controls; operate office equipment; reach with hands and arms; climb stairs; balance; stoop; kneel; talk or hear; taste or smell. The employee must occasionally lift and/or move up to 25 pounds.
Travel: Local and/or international travel may be required.
Expected salary:
Location: Arlington, VA
Job date: Fri, 14 Jun 2024 01:41:43 GMT