TA7 - 10 R INFORMATION ASSURANCE SENIOR SECURITY SPECIALIST ASSESSMENT

Fully Remote

Description:

Support in identifying cybersecurity deficiencies in information systems by performing technical assessments of assigned systems and applications to determine the severity of weaknesses; supports the Security Authorization (SA) and Continuous Monitoring (CM), Risk Management Framework (RMF) process. Results of the assessments will be documented in the MGMT compliance tool (e.g., IACS, CSAM, etc.), utilizing a standard report format with the results and findings from the assessment, along with recommended mitigations.

Duties/Responsibilities:

Create, manage, and utilize Assessment Standard Operating Procedures and Testing Templates.
Create, manage, and utilize Assessment Guides and Training Material documents.
Create, manage, and utilize Check-Point Reviews to determine system readiness for assessments.
Manage Assessment Entrance Conference Briefing.
Draft Security Assessment Report (SAR) for stakeholder review.
Manage Assessment Exit Conference Briefing.
Create Final Security Assessment Report.
Develop and maintain an overall Security Assessment Schedule.
Develop testing artifacts for each system.
Update and maintain all testing templates and Standard Operating Procedures (SOP).
Create Assessment Guides to assist stakeholders in preparing for upcoming assessments.
Conduct and/or review vulnerability scans and system architecture.
Provide advisement and recommendations for assessment and security best practices.
Arrange for physical access to the system if applicable.
Conduct an Assessment Kick-off meeting.
Conduct check point reviews prior to the planned assessment date.
Conduct an assessment entrance conference.
Execute the assessment through the review of system security documentation.
Document results in the draft Security Assessment Report (SAR).
Conduct an assessment exit conference.
Produce the Final SAR based on exit conference results.
Collect and securely store all final materials and media.

Requirements:

Experience (MUST HAVE):

At least 4 years of NIST Security Control Assessor (SCA) experience.
Must have led Assessment teams from planning through execution and finalization of an assessment.
Capable of performing in a fast-paced environment.
Strong communication skills both verbally and in written form.
Mastery of control assessment requirements based on the NIST 800-53A.
Technical expertise in assessing environments such as Applications, Operating Systems, Databases, Appliances, Cloud Environments, and Physical environments.
In-depth understanding of Nessus scan reports and identifying vulnerabilities.
Proficient technical writing skills for control findings and assessment documentation.
Extensive experience conducting assessment interviews.
Work well within and lead teams with a positive attitude.
Deep knowledge of Security Control testing and validation.
CSAM experience.
Working knowledge of DHS 4300 Policy.

Experience/Years of Relevant Experience:

At least 1 year of Splunk experience or Splunk certification.
Required Experience: 8 years.

Education/Certificates:

Required Education: Bachelor’s degree in computer science or related field.
Certification: CISSP, CISM, CRISC, or CSSP.