Remote IT Security Specialist

Summary

The job is for a remote IT Security Specialist position lasting 12+ months. The role involves assessing the client's Application and Infrastructure Modernization (AIM) CMS, USDA, and ACF requirements for security compliance. The ideal candidate should have at least 5 years of experience in related work, including experience in AWS, Azure, or Google Cloud environments.

Requirements

• 5+ years of related work experience
• 5 years’ experience providing security compliance requirements for Applications in Cloud environments (AWS or Azure or Google etc.)
• 5 years’ experience updating or maintaining SSP/SSPP documents
• 5 years’ experience participating in Assessment & Authorization (A&A)
• 5 years’ experience supporting infrastructure assets and services by proactive monitoring, evaluating application/system components through system compliance examinations and testing utilizing NIST 800-53
• 5 years’ experience providing security engineering review and recommendations
• 5 years’ experience working with large teams in an Agile environment
• 5 years ISSO experience
• Experience coordinating and working under an ATO
• Experience assessing system modifications such as major and minor releases and potential security impacts
• Experience providing recommendations for improvement to amend vulnerabilities
• Experience assisting Program Managers and Senior Leadership developing Correction Action Plans (CAPs) when responding to IT and Financial audits

Responsibilities

• Assist and assess the client Application and Infrastructure Modernization (AIM) CMS, USDA and ACF requirements for security compliance
• Review the RFP, MOU and MOA for privacy, security, Business Continuity Planning, Disaster Recovery and audit requirements
• Identify risks and assist in the development of mitigation strategies
• Establish the target security/infrastructure architecture
• Plans, implements, upgrades, or monitors security measures for the protection of computer networks and information
• Continuously assess the development process and suggest improvements
• Supports the ISSO with the management of system security plans, ensure the systems obtain and maintain an authorization to operate (ATO), and meets all requirements for certification
• Provides support and security compliance to meet the security standards for Applications and systems in Cloud environments (AWS or Azure or Google etc.)
• Provides Security compliance oversight of information systems security program for applications and systems within the ATO boundary leveraging MARS-E, NIST, and HIPPA Guidelines
• Coordinates with the O&M and Infrastructure team to ensure COTS and other support software is current and compliant with current InfoSec policies
• Provides support to Software Developers, Engineers and other team members on the optimal methods to meet security requirements while minimizing impact and delays in meeting mission requirements
• Work closely with the Enterprise Architecture (EA), Database Administrator (DBA), Migration and Application Development teams to develop and implement automated Disaster Recovery capabilities including automated alerting, notifications, containment, data backup & recovery
• Partner with EA, and Application Development teams to develop Security Event Logging and Monitoring processes
• Perform internal assessments of security controls to ensure compliance with legislation, regulation, and technical standards with technical teams
• Monitor infrastructure assets and services, evaluate application/system components through system compliance examinations and testing utilizing NIST 800-53
• Tracks and monitors remediation efforts stemming from IT assessment and financial audits through Plans of Actions and Milestones (POA&Ms) and Correction Action Plans (CAPs) and informing Senior Leadership of security measures in place