Vacancy expired!
If qualified and interested please email an updated resume to Sara Valle at thank you and I look forward to connecting!
Position: Security Compliance Analyst
Location: Washington D.C. (remote flexibility offered)
Clearance: s and able to obtain and/or maintain a Dept. of Homeland Security EOD as a condition of employment and Top Secret Clearance
Responsibilities:
- Participate in all steps of the Security Authorization and Assessment process for FISMA systems.
- Deliver all required documentation using the current DHS approved templates, forms, regulations, and methods.
- Continuously update all documentation as required.
- Provide advisement to stakeholders to assign resources and establish timelines to ensure the successful Security Authorization of a system.
- Review and validate all relevant NIST 800-53 and DHS 4300B Security Controls and/or applicable departmental policies for each IT system assigned.
- Ensure software installed in the production environment is evaluated and provide guidance regarding the potential for the software to introduce risk into the environment.
- Perform oversight of compliance with Vulnerability Alerts.
- Review and validate Plan of Actions & Milestones (POA&Ms) for each non-compliant control for each managed IT System prior to authorizing closure. Proper documentation to support the POA&M lifecycle shall be filed and updated as required, including well-documented waivers and exceptions detailing the potential risk to the Authorizing Official.
- Perform in-depth reviews of logs and other artifacts for each IT system.
- Provide, track and report security requirements throughout the project life cycle of all projects that are within the accreditation boundary of assigned systems.
- Work closely with Office of the Chief Information Security Officer (CISO) to provide guidance and oversight for all requested initiatives.
- Provide timely and detailed responses to all data calls.
- Provide oversight and guidance regarding requests to modify technical policies such as firewall rules, ports, protocols, etc. for each IT system.
- Coordinate with and brief Federal staff on all activities pertaining to each IT system as requested.
- Continuously maintain a thorough understanding of all configurations, architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols, and other relevant data for each IT System.
- Coordinate with the appropriate operational group to accurately update the System Design Document for each IT system to reflect the approved state of each IT system.
- Experience with Risk Management Framework (RMF), POA&Ms, Security Authorization and Assessments.
- Experience conducting and documenting vulnerability assessments.
- Knowledge of and experience with NIST SP 800-53, 800-53A, and 800-37.
- Understanding of FISMA compliance.
- Understanding of FedRAMP.
- Experience with Nessus scans, or a similar tool.
- Strong writing skills are required.
- Experience working with DHS 4300A.
- Technical background and ability to review complex configurations for validation.
- CISSP, CISA, CAP, or equivalent certifications (DoD 8570 IAM 2 equivalent).