Vacancy caducado!
VetsEZ is currently seeking a candidate to join the team as a Cybersecurity Engineer (System Steward) where your expertise will be utilized to identify and minimize cybersecurity risks for the Department of Veterans Affairs (VA). You will be responsible for implementing policies that address requests for information on cyber best practices, assessing risks, supporting ATO activities throughout the RMF certification/accreditation processes (steps 0-6), and providing expert guidance on information system security to maintain optimal operational security posture. This role will involve meticulous system documentation and updates, close collaboration with system owners and ISSOs for ATO support and translating security concepts into practical recommendations to assist the client in making well-informed security decisions. This position offers the opportunity to showcase proficiency as a subject matter expert in information security while enhancing one's cybersecurity skills.The candidate must reside within the continental US.Responsibilities:
Expert communication and consultative support to the VA on matters related to system security certification & accreditation and Authority to Operate (ATO), using Risk Management Framework (RMF).
Experience and Technical knowledge of Network and Software Development.
Experience in the creation of Security-Specific documentation such as Incident Response, Contingency Planning, and Disaster Recovery processes.
Familiarity with the security controls outlined by the National Institute of Standards and Technology (NIST), as well as the Governance, Risk Management Framework (RMF), and security compliance procedures.
Skilled in providing support for system Authority to Operate (ATO) processes, including the creation of artifacts, implementation of controls, and development of POAMs.
Capable of facilitating meetings, conducting a thorough analysis of authorization documents and associated artifacts to identify any gaps, establishing a schedule to address outstanding authorization requirements, and effectively coordinating with stakeholders within the system team.
Proficient in utilizing the Enterprise Mission Assurance Support Service (eMASS) tool to manage intricate system records.
Experience in IT and Cloud design, security, development, systems engineering, and implementation efforts.
Requirements:
Degree In/Certifications: Cybersecurity, Computer Science, Information Systems, Information Assurance, Information Security, Information Resource Management, or related fields.
One or more of the following: IAT II, IAM II or IASAE II certifications:
ISC2 CISSP, ISC2 CAP, ISC2 SSCP, ISC2 CCSP, ISC2 ISSEP, ISACA, CISM, CISA, ISC2, EC-COUNCIL CEH, CompTIA Security+, CompTIA Network+
Additional Qualifications:
Minimum Experience: 5 years of Information Security Experience of which at least 3 years are of Cybersecurity and Cloud Security experience at a large Government agency similar in size/scope to GSA, IRS, DoD or VA.
Communicate and provide consultative support to the VA on matters related to system security certification & accreditation and Authority to Operate (ATO).
Coordinate and lead security and privacy activities within project teams and develop security and privacy-related artifacts.
Implement cybersecurity requirements for IT systems and applications, documenting them in formal security engineering documents using the Risk Management Framework.
Perform security analysis to identify gaps, implement compensating/mitigating controls, and assess residual risk.
Identify security risks through security impact analysis, system risk assessments, and technology security risk reports.
Conduct security compliance evaluations on IT products using various security evaluation tools.
Assess operating system and security configuration guidelines for IT product initialization and deployment using NIST SP 800-53 Security Controls.
Organize, develop, and present security briefings, summaries, and reports incorporating narrative, tabular, and graphic elements.
Effectively communicate and collaborate with internal and external customers regarding hardware and software configuration changes that may impact system security and violate policy.
Conduct and analyze security evaluation tools results from Tenable Nessus, Nmap, SCAP, Wireshark.
Assess operating system and security configuration guidelines into images for IT products initialization and deployment within the infrastructure SCAP-SCCD-BigFix.
Experience working in the FedRAMP cloud environment understanding IaaS, PaaS, and SaaS regarding cloud service provider security control responsibilities and customer responsibilities.
Effectively and efficiently communicate and collaborate with external and internal customers on any hardware and software configuration changes that adversely affect any current system security and their configurations or violate policies.
Apply knowledge of security principles, policies, and regulations in daily tasks.
Other responsibilities as assigned.
Benefits:
Medical/Dental/Vision
401k with Employer Match
PTO + Federal Holidays
Corporate Laptop
Training opportunities
Remote Opportunity
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected veteran status.Sorry, we are unable to offer sponsorship at this time.
Vacancy caducado!