30 Sep
Information Security Controls Assessor
District of Columbia, Washington, 20001 Washington USA

Vacancy expired!

Current Top Secret Clearance required

The Information Assurance Analyst (CISSP Must have) is responsible for coordinating with the Infrastructure, engineering and application teams to improve cyber hygiene and security across various applications. Ensures cybersecurity principles and best practices are applied program-wide to maintain the integrity and availability of CA systems. Able to perform direct and advisory roles in oversight planning and implementation of projects and initiatives. Interface as needed at multiple levels of management, providing information and thought leadership in technical areas. Capable of providing recommendations regarding system upgrades, patch deployment guidance and overall compliance of systems. Ability to develop RMF accreditation packages to help systems achieve and maintain their Authorization to Operate (ATO) certification. Review existing governance, risk, and cybersecurity documentation for compliance with the Risk Management Framework (NIST SP 800-37) and Security and Privacy Controls. Write and understand security control implementation statements for incoming systems, including cloud based.

Responsibilities: (but not limited to)

  • Experience with coordinating with security engineers, IT operations team members and customers to develop and maintain the Plan of Actions and Milestones (POA&M), Acceptance of Risk (AOR) and other required security documentation processes and procedures.
  • Experience with cooperating with multiple operations teams to ensure appropriate response to security findings.
  • Knowledge and experience with Common Vulnerabilities and Exposures (CVE) to provide process and remediation recommendations.

  • The proven ability to influence and communicate effectively: excellent written and verbal communications skills, including an ability to communicate very technical findings to both technical and non-technical audiences, including project managers, systems engineers, developers, enterprise architects and senior management.
  • Experience reviewing, researching and providing guidance to engineers and respective OS admins to properly respond to vulnerabilities.
  • Provide guidance regarding vulnerability and risk analysis within the cybersecurity industry, including current and emerging technologies and methodologies (including cloud security models).
  • Have good working knowledge of OEL & RHEL systems.
  • Must be both a self-starter and team player with the ability to work independently with limited supervision.
  • Must be extremely flexible and able to manage multiple tasks and priorities on very tight deadlines.
  • Experience with implementation and writing technical security controls in cloud environments.
  • Developing documentation on new or existing systems.
  • Providing system/equipment/specialized training and technical guidance.
  • Serving as liaison with clients, participating in meetings to ensure client needs are met.
  • Ability to independently research and collaborate with teams to develop knowledge regarding the environment.
  • Must be willing to take on lead roles within the team and effectively train team members based on inherent knowledge.
  • Experience using tracking and reporting tools such as Confluence, ServiceNow, and SharePoint.

Qualifications

Required Skills:

  • 8+ years of related Information Assurance Analyst experience, primarily in a government environment, dealing with business-critical, high-availability systems.
  • Strength in multitasking and prioritization in order to meet periodically changing deadlines.
  • Self-starting and able to drive projects to completion in a fast-moving environment.
  • Solid communications skills, both written and verbal. Able to create, discuss and explain technical documentation.
  • Ensure data integrity by evaluating, proposing, facilitating and providing guidance on software and hardware solutions.
  • Recommend and provide guidance on system enhancements that improve the performance, security, and reliability of the system.

Desired Skills:

  • Linux
  • Experience with DevSecOps concepts, tools and automation skills
  • Familiarity with industry standard host based security systems (HBSS) and Assured Compliance Assessment Solutions (ACAS)
  • Knowledge of various network vulnerability scanning platforms (Nessus, etc.)
  • Knowledge of A&A processes and authorization boundaries
  • Knowledge of current IT security best practices
  • Knowledge of system administration, networking, and operating system hardening techniques
  • Mixed operating systems experience (Linux, Windows)
