Date Posted: April 19, 2018
US Citizenship or Green Card Required | Federal Position
Contact: Arvind Mathur | 301-367-6706
Preferred Certifications: CAP, Security+, CISSP, GSEC
Education: Bachelor's degree
Experience: 10 years' experience
The RMF Analyst will work seamlessly with the ISSM and other IT Security staff to conduct Authorization to Operate (ATO) activities to include:
* Oversee and actively manage relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements.
* Lead the development and maintenance of security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.
* Assess vulnerabilities to ascertain if additional safeguards are needed, ensure systems are patched and security hardened at all levels of the "stack," and monitor to ensure vulnerabilities are remediated as appropriate. Actively manage vulnerability mitigation commitments from the integration team.
* Assist in establishing rules for program/project vulnerability scans, risk analyses and security assessments, including addressing controls defined by OMB A130 Appendix III, FIPS 199, NIST SP800-37, NIST SP800-53, NIST SP500-299 (Draft) for both business operations and technical implementation throughout the eSDLC for the SoS.
* Analyze and define security requirements for information protection.
* Analyze Decennial change requests for security impacts and provide recommendations to the 2020 Census GPMO.
* Analyze change requests for security risk, monitor and track security-related defects and resolutions, and make recommendations to the 2020 Census GPMO.
* Assist in establishing and implementing a Continuous Diagnostics and Mitigation (CDM) capability with integrated security controls for the 2020 Census SoS.
* Assist in establishing a continuous monitoring strategy to proactively survey, monitor, and track security-related defects and the status of their resolutions to report to the 2020 US Census GPMO.
* Review program/project vulnerability scan results and report findings to the 2020 US Census GPMO and monitor and track their assessment and subsequent resolution using automated scripts where necessary.
* Monitor for security breaches and participate in incident response activities and investigation of security breaches. Specifically, this covers traditional ISSO audit responsibilities.
* Capture ATO artifacts that support independent assessment activities. Consolidate ATO artifacts for input into the USCB Risk Management Processing System.
* Present status of RMF efforts to Government customer and program meetings as required.
In-depth technical experience and security exposure with core technologies, including Cloud, Digital, Data Protection, User Management, Digital Mobility, Compliance, Application Security, Event Management, and CDM.
Knowledge of FedRAMP and FISMA regulatory compliance requirements.
Thorough understanding of the security concepts and intricacies associated with Cloud Computing, Infrastructure, Data Protection, Digital Mobility, Application Security, and Regulatory Compliance.
Ability to define and manage reporting and measurement systems for IT Security.
Tools/Technology Experience: Functional knowledge of security tools for both Cloud environments and Data Center, including commercial and open source.
Experis is an Equal Opportunity Employer (EOE/AA)