Job Type

Full-time

Description

Location - Remote / Hybrid if local to Columbia, MD

The Senior Information Security Analyst will be working on a large Federal system to advise on security matters, maintain all aspects to maintain the ATO, and instill a culture of security within the program.

Responsibilities:

• Create/Update all client security deliverables (SSP, CP, ISRA, CP, PTA/PIA, etc.)
• Work with team members to ensure security functions are implemented for the program(s) that are under their care
• Act as a trusted advisor for security matters for their programs, and provide training on security items when needed
• Act as a bridge between client security teams and project teams to bridge the gap between compliance and technical security issues and both teams
• Ensure proper testing occurs, and manage the vulnerability process in the scope of the program
• Translate technical security findings (pen tests, ACT, fortify, Tenable, etc.) to practical issues, and guide teams to appropriate preventative and corrective action
• Review program procedures and outputs, and implement corrective action when needed
• Act as a liaison for the program to client security teams
• Support corporate security as needed

Requirements

Required Skills:

• Experience in multiple aspects of FISMA, 6+ years
• Experience in an agile CI/CD development environment with a focusing on the testing and assessment functions (technical assessment and understanding in a dev/sec/ops environment)
• Experience in in Agile development and operations support, in respect to FISMA SP 800-53 guidelines
• Excellent writing and communication skills
• Experience in understanding security testing reports
• Experience in managing an audit for a program (SCA/ACT, A-123, IRS 1070, etc.)
• Experience with cloud-based systems (e.g., AWS, Azure)
• Experience in creating and maintaining the deliverables for the NIST RMF (800-series)
• Experience in the performing application-level testing (CP functional and tabletop testing required)
• Experience in CDM tools, and in respect to automated assessment
• Experience in performing risk assessments
• Experience running meetings and holding team members to deadlines

Desired Skills:

• Experience with CMS Security

Education:

• 6-8 years of experience in the required skill set (note CISSP requires 5 years in the required skill sets)
• CISSP (or CISSP derivative like CISSP-ISSMP) required (note that CAP does not qualify)
• Degree is preferred

Sparksoft is a certified Capability Maturity Model Integration (CMMI) SVC and DEV Level 3, ISO 9001:2015, ISO 27001:2013, Small Disadvantaged Business (SDB), Women-Owned Small Business (WOSB), and Small, Women-owned, Minority-owned (SWaM), and MBE/DBE/SBE consulting firm. With our focused mission "to ignite innovation, inspire transformation, and implement digital solutions for a healthier nation", we specialize in 6 specific digital health services: Test Automation, Cloud Services, DevOps Delivery, Cyber Security, Data Science, and Human-Centered Design. Since 2004, our exceptionally skilled people, proven leadership, and optimized processes all work together relentlessly to continuously push for more efficient solutions.

Sparksoft is an Affirmative Action/Equal Opportunity Employer and does not discriminate against any applicant for employment or employee because of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status, or any other characteristic prohibited under Federal, State, or local laws.

In accordance with the Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors, Sparksoft Corporation is complying with the requirements that all employees assigned to a federal contract be vaccinated. Employees in need of an exemption from this policy due to a medical reason or because of a sincerely held religious belief must submit a physician's note for a medical accommodation or a religious request for accommodation to the human resources department to begin the interactive accommodation process as soon as possible. Accommodations will be granted where they do not cause Sparksoft Corporation undue hardship or pose a direct threat to the health and safety of others. New hires must show proof of vaccination.

If you need accommodation seeking employment with Sparksoft Corporation, please email [Click Here to Email Your Resumé] or call 410-424-7700. Accommodations are made on a case-by-case basis.

At Sparksoft Corporation, we take security and protection of personal information very seriously. We will never ask you to send private personal information over email. Accordingly, we ask you to immediately contact our security team via email at [Click Here to Email Your Resumé] upon receiving a suspicious request.