Today

Secret

Unspecified

IT - Security

Vienna, VA (On-Site/Office)

Company Overview

By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.

Responsibilities

Provide technical leadership and support to the bureau's RMF 4 Independent Assessment Team, which is responsible for conducting RMF step 4 activities for various information systems. These activities include, but are not limited to, the production of high-quality deliverables such as:

Security Assessment Plans (SAP)
Vulnerability scan reports
Security Control Test Steps
Vulnerability and Compliance Findings
Security Assessment Reports (SAR)

Responsible for managing, tracking, and reporting of the RMF 4 activities conducted by the RMF 4 team for each FISMA reportable system.
Responsible for managing the bureau's Tenable team to support ongoing operations as well as the deployment of the Tenable High Availability infrastructure.
Responsible for ensuring that all system deliverables comply with Information Assurance policy, specifically NIST 800-53, Information Assurance Implementation.
Duties will include (but are not limited to):

Based on OMB, NIST, and client specific guidance, process and related documentation, the team will develop and submit Security Authorization Packages.
Brief assessment findings with system owners and ISSOs. At that time, the system owner will have a chance to discuss findings for clarification and/or correction.
Make recommendations to correct RMF documentation and process deficiencies discovered while conducting reviews of completed or closed POA&Ms and RMF Packages.
Assess vulnerabilities of the client systems.
Ensure that the implementation of security designs properly mitigate identified threats and reduce risk.
Provide input to Assessment Process activities and assist in updating/creating relevant SOP's.

Required Experience/Qualifications

Bachelor's degree and 7-10 years of experience in the Assessment & Authorization (A&A) process and the Risk Management Framework (RMF) or equivalent experience in lieu of a degree.
5+ years of experience managing a team.
Certified Information Systems Security Professional (CISSP) or ability to obtain within 9 months; or Certified in Governance, Risk, and Compliance (CGRC) or ability to obtain within 6 months.
Operational knowledge of Tenable Manager and Tenable.SC.
Ability to manage and mentor an assessment team.
Exceptional verbal and written communication skills including briefings and debriefings of client personnel including Information System Security Officers (ISSO), System Owners, and Chief Information Security Officer (CISO)
Thorough knowledge of, and experience with, the NIST 800 series publications to include: 800-30, 800-37, 800-53, 800-53a, and 800-53b.
Previous experience creating all necessary RMF step 4 Assessment and Authorization documentation. Experience should clearly be defined in resume.
Ability to manage team members handling authorization packages for multiple systems of different size and complexity. Experience should be outlined in resume.
Experience conducting security scans and developing findings
Less than 10% travel to local customer sites in Washington DC for Customer Meetings

Preferred Experience/Qualifications

Proficiency evaluating and analyzing results from the following set of tools, to include but not limited to: Nessus Pro, Nessus Manager, Tenable Security Center (Tenable.SC), and Oracle databases.
Admin level background in Linux operating systems.

Special Requirements/Security Clearance

Clearance Level SECRET (Required to Start)

Physical Demands

group id: RTX15e409

Recruiter

Information Assurance Team Lead

By Light Professional IT Services

By Light Professional IT Services Jobs

Location

Job Category

Clearance Level

Employer