DATE ADDED: Wed 20/11/2019

Security Control Assessor/RMF (DHS EOD Cleared)

Falls Church, VA, US


JOB TYPE: Permanent, Full-Time

Company Overview

TestPros is a successful and growing business, established in 1988 to provide Information Technology (IT) technical support services to a wide range of Commercial and U.S. Federal, State, and Local Government customers. Our capabilities include Program Management, Program Oversight, Process Audit, Intelligence Analysis, Cyber Security, NIST SP 800-171 Assessment and Compliance, Computer Forensics, Software Assurance, Software Testing, Test Automation, Section 508 and WCAG Accessibility Assessment, Localization Testing, Independent Verification and Validation (IV&V), Quality Assurance (QA), Compliance, and Research and Development (R&D) services. TestPros is an Equal Opportunity Employer.

TestPros delivers innovative independent IT assessment solutions to critical challenges facing the nation and the world. We support the U.S. Federal Government and Commercial clients within the continental USA. TestPros is dedicated to making lives better, safer and more secure.

Job Summary

TestPros is looking for experienced Cyber Security Professionals with outstanding customer and technical skills who share our passion for results and customer success. In return, we offer challenging and exciting work environments and competitive compensation packages. You will be located in the Tyson's Corner / Falls Church VA area, with occasional local travel to Springfield, VA.

This position requires full U.S. Citizenship; a recent or current Department of Homeland Security BI is highly desired.

Responsibilities and Duties

+ Support NIST Risk Management Framework (RMF) based Assessment and Authorization (A&A) activities.

+ Monitor and prepare required actions and documents pertaining to the A&A of the system throughout its lifecycle, to include security evaluation findings and residual risks.

+ Conduct comprehensive reviews of security authorization documents to ensure the appropriate NIST security guidelines were used during the assessments and the selections of security controls are relevant to the confidentiality, integrity, and availability of the systems.

+ Ensure required security authorization activities are completed and the results are documented in the DHS Information Assurance Compliance System (IACS) / XACTA tool.

+ Review and process Interconnection Security Agreements (ISAs), Policy Waivers, Approval to Test (ATT), and Interim Approval to Operate (IATO) documents.

+ Review IS security plans and other A&A documents for all applications to determine if DHS mandated procedures and tasks are followed, such as using IACS.

+ Assist the Government in preparing a written justification, when appropriate, to obtain a written waiver of policy for mandated security features.

+ Ensure that assigned systems/applications meet the minimum DHS A&A standards before a recommendation is made to the CISO for Authorization.

+ Attend Compliance Team meetings and provide reports in the approved format on the status of requested activities.

+ Update and upload all pertinent information for all systems within the DHS Headquarters FISMA portfolio repository.

+ Update relevant FISMA Compliance SOPs on a quarterly basis.

+ Provide guidance and support for all assigned Security Authorization activities.

+ Develop a preliminary Security Assessment Report (SAR).

+ Create the CSS Plan, including rules of engagement (ROE) for each major application, information system, or GSS undergoing authorization.

+ Document the results of the security control assessment, including recommendations for correcting any weaknesses or deficiencies in the controls, analyze findings, and develop risk mitigation techniques to address weaknesses.

+ Contain the Contractor's assessment of any required security controls.

Qualifications and Skills

You must have expert knowledge in:

+ Must have 5-7 years of relevant experience as a cyber security control assessor

+ U.S. Federal Information Assurance (IA), and the Risk Management Framework (RMF)

+ Related Best Practices from FedRAMP, NIST, and other sources

+ IT Security Engineering Life Cycle and Release Management

+ Assessment and Authorization (A&A), Certification and Accreditation (C&A), FISMA, FedRAMP, NIST SP 800-53, RMF

+ Risk and Issue Management and Mitigation

+ Strong written, verbal communication and presentation skills - no exceptions! Ability to interface with customers including presentations to senior executives

+ Demonstrated leadership and team development skills

+ Demonstrated success consulting at the senior management level

+ Solid time management, planning, and ability to scope prospective engagements, develop proposals and project plans

Benefits and Perks

TestPros offers competitive salary, medical/dental/vision insurance, life insurance, 3 weeks of paid time off, 2 weeks of paid holidays, 401(k) retirement plan with up to 4% company match, opportunities for professional growth, cell phone discounts, and much more! All benefits are per TestPros current policies and are subject to change without notice. Benefits are available to full-time employees only.

For more information or to submit your resume, please "Apply Now" or email #removed#