ITC Federal ยท 12 hours ago
Senior Security Analyst (A&A)/Assessor - NIST
Maximize your interview chances
Information TechnologySecurity
Work & Life BalanceNo H1BSecurity Clearance Required
Insider Connection @ITC Federal
Get 3x more responses when you reach out via email instead of LinkedIn.
Responsibilities
Conducting A&A activities for NIST systems working individually or as part of a team.
Work with NIST staff to provide technical and policy driven solutions to remediate or mitigate identified risks.
Support system personnel with remediation plans for A&A findings.
Provide guidance to Information System Security Officers (ISSO) on system documentation.
Coordinate/conduct vulnerability scans and analyze results.
Complete Security Assessment Reports involving both technical and policy related aspects of the assessment.
Review and update A&A packages based on management feedback.
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
5 - 8 years of experience implementing the NIST 800 Series Special Publications.
Demonstrable experience conducting IT assessor activities based on the NIST Risk Management Framework, to include the interviewing, examining and testing of related control sets; the review and/or updates of core system documents- System Security Plans, Contingency Plans, Privacy Threshold Assessments, hardware and software inventories, and system diagrams.
Performing Security Test and Evaluation and developing Security Assessment Reports for NIST senior management.
Delivering risk and vulnerability briefings confidently to management and government customers.
Experience working with vulnerability data, writing Assessment Reports, POA&Ms and Risk Acceptance justifications.
Knowledge of the formation and implementation of IT security policies to ensure confidentiality, integrity and availability of information systems.
Strong technical oral, writing and customer service skills as you will regularly interact with NIST colleagues and senior managers.
Ability to successfully pass a National Agency Check with Local Agency Check (NACLC)
Preferred
Prior federal or GOVCON experience
Cloud Experience (AWS or Azure)
Active Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA) or comparable certification
Advanced Degree in computer science or related field or related experience
Direct experience with NIST or other academic environments.
Expertise with COTS based security tools (i.e. RSA Archer, CSAM, Tenable, WebInspect, AppDetective) used to establish security baselines and assess continuing compliance.
Benefits
Health
Dental and Vision
401(k)
Flexible Spending Account (FSA)
11 Paid Federal Holidays
PTO
Education reimbursement