Cyber Security/IA Specialist, Senior (Cloud-based ATOs)

Job Description

The C

• Responsible for developing, writing, and editing cybersecurity-related technical documentation such as SOPs, technical manuals, user manuals, and downloading FedRAMP package/documentation for Microsoft O365 Tenant.
• Develop detailed cybersecurity plans, strategy, tasks, schedules, and identify milestone dates to ensure proper sequencing of events, work efforts, and resources to accomplish cybersecurity objectives in the implementation of MS O365 Tenant (MS Azure, Active Directory Federation Services, Conditional Access, Azure Sentinel, Cloud App Security, Windows Defender ATP, Microsoft Teams, and OneDrive).
• Spearhead the Authorization and Accreditation (A&A) process from design-stage to establishment and maintenance of system Authority to Operate (ATO) for MS Office 365 Tenant(Microsoft Azure, Active Directory Federation Services, Conditional Access, Azure Sentinel, Cloud App Security, Windows Defender ATP, Microsoft Teams, and OneDrive).
• Update the cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance/monitoring
• Work with third party vendor in upgrading and implementing a Cybersecurity tool (Varnois) and setup monitoring user activity between the workstation to the Microsoft cloud-based technology.
• Lead security assessments and analysis to certify and accredit that operational IT systems and networks align to system security policies, protocols, and best practices.
• Develop short-range and long-range plans for IT security systems that minimize risks associated with IT systems vulnerabilities.
• Spearhead the Authorization and Accreditation (A&A) process from design-stage to establishment and maintenance of system ATO for MS Office 365 Tenant.
• Develop and evaluate technical and security plans and policies for adherence with appropriate technical and architectural frameworks and standards; and provide recommendations to improve protocols or implementation solutions.
• Assists and lead the technical system on IT security planning, partner engagement, requirements planning, design, development, testing the effectiveness of security controls, and implementation of new technologies to detect, block, or mitigate system security risks.
• Work in small groups or independently to build and provide recommendation in best practices for IT security to Agency IT security team.
• Develop security monitoring and other tools to ensure the integrity and availability of our applications, server resources, reviewing system and applications logs.
• Categorize the Cloud Systems in accordance with NIST FIPS 199.
• Conduct an analysis of the FedRAMP baseline security controls package to adequately understand what controls the CSP will be required to implement.
• Develop an Incident Response Plan and Privacy Incident Response Plan thatcover procedures for reporting and mitigation of both security and privacy incidents for cloud services.
• Prepare the Security Assessment and Authorization package to include all FISMA required documents, i.e., POA&M, Executive Summary, SSP, Contingency Plan, etc.
• Recommend and assist with refining technical and end-user documentation as needed
• Identify new and innovative ways to use existing toolsets to automate security management, monitoring and related processes to reduce risk and costs.
• Implement CSP provided security tools to identify vulnerabilities or weaknesses to ensure security controls remain in place.

Qualifications

• Bachelor’s or Master’s degree in Information Technology/Computer Science, related field or equivalent
• Preferred Certifications: Security+ or higher security certification (preferred: IAM II, IAM III, CASP, CISM, CISSP, CRISC and CISA).
• MS Azure cloud certification (desired).

• Must have 10+ years of continuous cybersecurity experience in developing, writing, and editing technical IT security documentation.
• Must have experience with NIST 800-53 Rev4 and 800-53/JSIG security controls, assessments, and policies.
• Must have a thorough understanding of NIST FISMA guidelines
• Must have experience with
  vulnerability analysis (e.g., Nessus, SCAP, STIG Viewer)
• Must have working
  knowledge of Cloud technologies
• Must have strong problem solving and analytical skills
• Must have knowledge of security scanning tools such as
  Nessus
  , Office 365, Varonis DatAdvantage, and Forescout
  .
• Must have
  experience with Microsoft O365 Tenant (Microsoft Azure, Active Directory Federation Services, Conditional Access, Azure Sentinel, Cloud App Security, Windows Defender ATP, Microsoft Teams, and OneDrive).
• Must have experience with developing IT security documentation such as system security plans, IT security policies and standard operating procedures
• Must have experience with implementing IT security best practices and Risk Management Framework.
• Familiar with Cloud security (e.g. Microsoft Azure platforms)
• Experience creating system Authority to Operate packages, including primary and alternate systems
• Experience with vulnerability analysis (e.g., Nessus, SCAP, STIG Viewer).
• Experienceimplementing cybersecurity tools on systems in a cloud environment

Additional Information

• Medical Insurance
• Dental Insurance
• Vision Insurance
• Life Insurance
• Short Term & Long-Term Disability
• 401k Retirement Savings Plan with Company Match
• Paid Holidays
• Paid Time Off (PTO)
• Tuition and Professional Development Assistance
• Parking Reimbursement