gTANGIBLE Corporation
gTANGIBLE Corporation (gTC), www.gtangible.com, is a C corporation and a registered Government contractor that provides services and solutions in:
National Security Programs
Professional, Administrative, and Management Support
Mission and Warfighter Support
We are a Service Disabled Veteran Owned Small Business (SDVOSB) and the founder has years of successful experience in the Government contracting arena. Our leadership team is an exceptional group of Government contracting professionals. gTANGIBLE is in the process of identifying candidates for the following position.
Requisition Type:
Full Time Position Status:
Contingent Position Title:
Security Assessment Lead Location:
Washington, DC Clearance:
Secret Duties and Responsibilities
The
Security Assessment Lead
will
oversee
primary assessors to
assist TSA in conducting the approvals for
National Institute of Standards and Technology (NIST) Risk Management Framework (
RMF
)
steps 1 – 3 and completing the assessment package and activities associated with
RMF
steps 4 – 6 and for all of TSA systems.
Duties include the following: Serve as the main liaison and driving force for completing all Security Authorization (SA), OA, Preliminary Risk Assessment, and ad hoc Risk Assessment efforts. Complete SA Activities:
Assess all applicable security controls defined in the mandated DHS Compliance Tool and applicable to the systems under their purview Ensure
Information Systems Security Officer
s
(
ISSO
)
complete a FIPS-199, Privacy Threshold Analysis (PTA), E-Authorizations, Contingency Plans (CPs), Contingency Plan Tests (
CPTs
), Security Plans (SPs), and 800.53A test cases Ensure
ISSOs
complete a FIPS-199, Privacy Threshold Analysis (PTA), E-Authorizations, Contingency Plans (CPs), Contingency Plan Tests (
CPTs
), Security Plans (SPs), and 800.53A test cases Develop the SA Package documentation to include Security Assessment Plans (SAP), Security Assessment Reports (SAR),
Authority to Operate (
ATO
)
Letters, ATO Recommendation Memo, Risk Assessment Memos, CFO Designation Memo,
POA&M
finding matrices, Executive Data Sheet (EDS), OA artifacts, etc.
Ensure results are documented completely and accurately in the mandated DHS Compliance Tool at the operating system, application and database levels. Gather evidence for ATO efforts and store results in the mandated DHS Compliance Tool and/or in a separate
Governance, Risk and Compliance (
GRC
)
repository. Review
POA&M
closure and waiver packages in accordance with the
IAD
POA&M
Standard Operating Procedures. Review RFC or upgrades and provide recommendation on whether this will result in major or minor changes and overall cybersecurity impact and utilize
IAD
tool for tracking of changes. Conduct, evaluate, and analyze vulnerability results from ATO assessments, penetration tests, or ad hoc risk assessments from the following set of tools, to include but not limited to: NESSUS,
AppDetective
,
WebInspect
,
AppScan
and Nipper and create
POA&M
Matrices from results. Conduct Audit of Privileged Accounts (APA) as part of ATO activities and annually review
ISSO
Privileged Account Audits. Execute responsibilities as outlined in the SA and OA Standard Operating Procedures and assist the policy manager in the review of these, and other SOP-related processes for updates. Provide recommendations for refining and/or improving existing
RMF
processes and procedures and support implementation of these changes. Knowledge and Qualifications A minimum of 10 years of IT cybersecurity experience including direct support for the US Government and 7 years acting as an
ISSO
, assessor, or compliance analyst for enterprise IT systems OR a relevant Master's Degree in IT, Computer Science, or Engineering and 7 years' of IT cybersecurity experience including direct support for the US Government and 5 years acting as an
ISSO
, assessor, or compliance analyst At least one of the following security certifications: Certified Authorization Professional (CAP), Certified Information Systems Security Officer (
CISSO
), Certified Information Security Manager (
CISM
), or Certified Information Systems Security Professional (CISSP) Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements Technical knowledge of complex enterprise IT systems Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc. Experience communicating effectively, both oral and written, with technical, non-technical, and executive-level customers. gTANGIBLE Corporation is an equal opportunity employer and does not discriminate against any employee or applicant because of race, age, sex, color, physical or mental disability, religion, sexual orientation, marital status, national origin, or political affiliation.
#J-18808-Ljbffr
Full Time Position Status:
Contingent Position Title:
Security Assessment Lead Location:
Washington, DC Clearance:
Secret Duties and Responsibilities
The
Security Assessment Lead
will
oversee
primary assessors to
assist TSA in conducting the approvals for
National Institute of Standards and Technology (NIST) Risk Management Framework (
RMF
)
steps 1 – 3 and completing the assessment package and activities associated with
RMF
steps 4 – 6 and for all of TSA systems.
Duties include the following: Serve as the main liaison and driving force for completing all Security Authorization (SA), OA, Preliminary Risk Assessment, and ad hoc Risk Assessment efforts. Complete SA Activities:
Assess all applicable security controls defined in the mandated DHS Compliance Tool and applicable to the systems under their purview Ensure
Information Systems Security Officer
s
(
ISSO
)
complete a FIPS-199, Privacy Threshold Analysis (PTA), E-Authorizations, Contingency Plans (CPs), Contingency Plan Tests (
CPTs
), Security Plans (SPs), and 800.53A test cases Ensure
ISSOs
complete a FIPS-199, Privacy Threshold Analysis (PTA), E-Authorizations, Contingency Plans (CPs), Contingency Plan Tests (
CPTs
), Security Plans (SPs), and 800.53A test cases Develop the SA Package documentation to include Security Assessment Plans (SAP), Security Assessment Reports (SAR),
Authority to Operate (
ATO
)
Letters, ATO Recommendation Memo, Risk Assessment Memos, CFO Designation Memo,
POA&M
finding matrices, Executive Data Sheet (EDS), OA artifacts, etc.
Ensure results are documented completely and accurately in the mandated DHS Compliance Tool at the operating system, application and database levels. Gather evidence for ATO efforts and store results in the mandated DHS Compliance Tool and/or in a separate
Governance, Risk and Compliance (
GRC
)
repository. Review
POA&M
closure and waiver packages in accordance with the
IAD
POA&M
Standard Operating Procedures. Review RFC or upgrades and provide recommendation on whether this will result in major or minor changes and overall cybersecurity impact and utilize
IAD
tool for tracking of changes. Conduct, evaluate, and analyze vulnerability results from ATO assessments, penetration tests, or ad hoc risk assessments from the following set of tools, to include but not limited to: NESSUS,
AppDetective
,
WebInspect
,
AppScan
and Nipper and create
POA&M
Matrices from results. Conduct Audit of Privileged Accounts (APA) as part of ATO activities and annually review
ISSO
Privileged Account Audits. Execute responsibilities as outlined in the SA and OA Standard Operating Procedures and assist the policy manager in the review of these, and other SOP-related processes for updates. Provide recommendations for refining and/or improving existing
RMF
processes and procedures and support implementation of these changes. Knowledge and Qualifications A minimum of 10 years of IT cybersecurity experience including direct support for the US Government and 7 years acting as an
ISSO
, assessor, or compliance analyst for enterprise IT systems OR a relevant Master's Degree in IT, Computer Science, or Engineering and 7 years' of IT cybersecurity experience including direct support for the US Government and 5 years acting as an
ISSO
, assessor, or compliance analyst At least one of the following security certifications: Certified Authorization Professional (CAP), Certified Information Systems Security Officer (
CISSO
), Certified Information Security Manager (
CISM
), or Certified Information Systems Security Professional (CISSP) Knowledge of NIST Guidelines and FISMA Cybersecurity compliance requirements Technical knowledge of complex enterprise IT systems Knowledge of and experience using relevant cybersecurity and analysis tools such as Archer, Nessus Security Center, Splunk, etc. Experience communicating effectively, both oral and written, with technical, non-technical, and executive-level customers. gTANGIBLE Corporation is an equal opportunity employer and does not discriminate against any employee or applicant because of race, age, sex, color, physical or mental disability, religion, sexual orientation, marital status, national origin, or political affiliation.
#J-18808-Ljbffr