|February 2, 2024
DIGIT is seeking a Senior FISMA Security Analyst to support the federal compliance and governance requirements for all systems supported by the Task Order. The purpose of this role is to assist the DIGIT Director of Enterprise Security in the management and execution of GSA IT Enterprise Security Management and IT Continuity Management Services.
As a leading provider of advanced information technology solutions and professional services to U.S. federal government agencies, is the prime for a $807m task order in support of the General Services Administration (GSA) Office of Digital Infrastructure Technologies (IDT) DIGIT (Digital Innovation for GSA Infrastructure Technologies) task order driving digital transformation and delivering continuous improvement and business value to its customers. The team is comprised of the best-in-class technology partners to leverage forward-leaning technologies and best practices to transform GSA s IT capabilities and shift offerings to provide a more flexible service delivery model, completing the agency s shift to a fully digital experience along with its adoption of advanced, emerging technologies such as intelligent automation, artificial intelligence, and machine learning.
This position shall perform the following (to include but not limited to) activities:
- Assist in the creation, maintenance, and monitoring of Assessment and Authorization (A&A) documentation to obtain initial Authorization to Operate (ATO), On-Going Authorization, and Continuous Monitoring
- Be fluent with the RMF and NIST special publications; specifically SP-800-128, SP-800-60, 800-53 and STIGS
- Coordinate with program/project stakeholders, technical teams, the Information Systems Security Officer (ISSO), Information Systems Security Manager (ISSM) and other team members to define, implement and maintain an acceptable information systems security posture
- Performs analysis to validate established security requirements and to recommend additional security requirements and safeguards
- Translate operational requirements into technical requirements to meet program objectives and have the ability to assist in documenting those requirements
- Reviewing and evaluating information technology software, hardware and networks and the overall cyber security posture of information technology systems
- Provide timely status updates/reporting on assessments and assigned projects
- Create and deliver end user-related briefings and training and policy and/or compliance updates
CONTRACT REQUIRED QUALIFICATIONS
This following are REQUIRED for this position:
- Ability to obtain a Public Trust Clearance and ITILv4 Foundation Certification
- Possesses and applies a comprehensive knowledge across key tasks and high impact assignments.
- Functions as a security expert across multiple project assignments.
- Proven ability to work independently in a full and/or partial remote environment with limited supervision and may supervise/lead others.
- Possess the ability to communicate in both oral and written forms, demonstrating an ability to communicate effectively with all levels of staff as well as clients.
- Maintain standard working hours per the DIGIT contract and to be available for meetings, and other collaborative efforts during working hours.
- Demonstrated ability to apply comprehensive knowledge across key tasks and high impact assignments with the ability to use practical experience and training to determine how to accomplish tasks.
CONTRACT DESIRED QUALIFICATIONS
The following are DESIRED for this position:
- CISSP, CISA, CISM, Security+ or other relevant security certifications
- Familiarity with CUI requirements for unclassified IT systems a plus
- Must have track record of competency in obtaining initial A&A and reauthorization
- Familiarity with Unclassified network administration, specifically with:
- Network infrastructure and security best practices
- Local Area Network administration and maintenance, including user control and VPN access
- Mobile Device Management
- Identity and Authentication Services Management
- Comfortable with Windows operating systems
- Willingness and ability to independently take on a variety of IT Compliance tasks
- Linux operating systems experience
- Familiarity in the Google Suite (Gmail, Calendar, Chat, Meet, Docs, Slides, Sheets), Microsoft Office (Word, Excel, PowerPoint, Outlook), Slack, and ServiceNow.
EDUCATION AND EXPERIENCE
The following are the education and experience required for this position:
- 7-12 years of experience and bachelor's degree or equivalent
- Minimum 3-5 years direct experience with supporting FISMA and Financial Audit Requirements
- Minimum 3-5 years of direct experience supporting cybersecurity compliance and implementing steps to mitigate threats
- Minimum 3-5 years direct experience with continuous monitoring security expertise to business units and key stakeholders
- Minimum 3-5 years of direct experience creating and delivering end user-related briefings, training, policy, and/or compliance updates
Experience as a remote worker demonstrating time management and self-discipline with cultural change management and Agile mindset.
Sr FISMA Security Analyst (CISSP, CISA, CISM)