Cyber Vulnerability Assessment Analyst SME
TestPros
Remote - United States
Please let TestPros know you found this job on JobsCollider. Thanks!
Job highlights
Summary
Join TestPros as a Cyber Vulnerability Assessment Analyst SME to support a Federal cyber security program.
Requirements
- 10+ years of proven experience as a Security Engineer with supervisory/leadership abilities to oversee large teams responsible for planning, analyzing, implementing, and maintaining many different projects
- Experience assessing security implementation of cloud and hybrid environments to include pipelines, applications and services
- Expert in all information security planning, compliance and risk management; able to manage teams, ensure they have appropriate skill sets, and tie the teams and results together
- Experience with analyzing the network to determine if appropriate security is applied; possess and apply knowledge of NIST RMF
- Experience developing and implementing test plans and ensuring their execution, and evaluating the costs and benefits of security functions and considerations from analysis of alternatives, engineering trade-offs and risk treatment decisions
- Active clearance up to TS/SCI security clearance
Responsibilities
- Provide a mechanism for vulnerability and POA&M management
- Perform management of technical and policy related findings as a result of compliance, vulnerability, and penetration testing and internal reviews
- Meet with product and service teams to track progress and serve as a security subject matter expert on issues requiring clarification and resolution
- Provide guidance to ensure vulnerabilities are prioritized, fixed, mitigated, or risk accepted
- Deliver remediation tracking for all outstanding issues using an automated process to manage results, trending, and reporting
- Review change requests to ensure the proposed changes are in accordance with all security requirements in effect at the time of the change request
- Provide a recommendation to the Government as to whether the change request should be approved, approved with certain conditions, or disapproved citing the reason for disapproval
- Maintain a repository where every change request is stored along with the analysis performed by the contractor for each change request
- Capitalize and store pertinent artifacts for each change request in a location commensurate with the classification level of the artifacts
- Prepare a detailed weekly status of all activities, including status of open/closed action items, POA&M status/milestones, and any other pertinent data points as requested by the Government
- Work with product and service teams throughout the RMF process to manage organizational and program risk
- Perform reviews of policies, procedures, and related documentation currently maintained by program staff to identify missing or outdated documentation
- Develop and maintain documentation as required by security controls outlined in NIST 800-53a
- Update the aforementioned processes, procedures, and other living documents as needed and create new work products to fill identified gaps
- Review and provide guidance for documentation developed by service and product teams ensuring that these work products are completed following NIST guidance, commercial best practices, and the applicable federal policies
- Provide guidance to service and product teams for security information systems in accordance with CNSSI 1253, and NIST SP 800-30, 800-37, 800-39, 800-137
- Review work products, including security artifacts, to ensure that the target is secured/documented appropriately (i.e., in accordance with CISA and DHS-defined security requirements) and that the documentation reflects and properly addresses CISA and DHS security requirements
- Support service and product teams with the selection and tailoring of security controls appropriate to the information system and the system's security objectives for confidentiality, integrity, and availability in accordance with NIST and CNSS guidance
- Perform this iteratively throughout the system life cycle
- Develop a scheme for storing and managing all documentation under this contract and, as appropriate, disseminate via mechanisms such as Microsoft SharePoint
- Maintain tools and methods selected to perform this function; these must be approved by the COR/GOV POC prior to implementation if different from the tools currently in use
Benefits
- Competitive salary
- Medical/dental/vision insurance
- Life insurance
- Paid time off
- Paid holidays
- 401(k) retirement plan with company match
- Opportunities for professional growth
- Cell phone discounts