In this position, you are a Senior Information Security Specialist responsible for providing security-related support services to a portfolio of existing operational systems of varying sizes and complexity. Your primary responsibility is to help ensure the program office, system owners and engineering staff are responsive to the agency's security related inquires, comply with policies and security controls, and maintain security authorization artifacts. You will act as a liaison to communicate and provide timely/accurate responses to federal and agency security related data calls (e.g., FISMA reporting, assets with known vulnerabilities) to include interpreting changes to policies, standards, and procedures. In addition, you will provide expertise and guidance to implement applicable security controls throughout the system development lifecycle. You will work in a customer-facing role in a dynamic team environment with multiple touchpoints interfacing with many stakeholders.
Applicants must be U.S. Citizens or Green Card holders Responsibilities:
Work closely with the program management office, system owners and engineering staff to provide guidance on whether security policies, standards and procedures are properly implementedAnalyze new or updated security policies and data calls, collaborate with stakeholders, and develop responses that are clear and accurateCollaborate with ISSOs and system owners to maintain and update system security documentation related to ATO and annual assessment.Support the review/update of security authorization artifacts such as System Characterization Documents, System Security Plans, System Contingency Plans, Privacy Threshold Analysis, and others as neededInterpret security risk assessment, review security scan results, assess security vulnerabilities and support the development/tracking of Plan of Action and Milestones (POA&Ms) mitigation and/or risk acceptanceSupport the development and modification of implementation and design documents describing how security features are implementedWork with engineering personnel to document remediation actions for system vulnerabilities and non-complianceAnalyze and interpret agency security requirements to communicate to non-security savvy personnelCollaborate with the system maintainer to support continuous monitoring effortsProvide Splunk Administration Support to include working with existing Splunk applications and add-ons to fulfill customer needs, defining auditable events, create/update dashboards, review suspicious activities, edit configuration files/apps and continuously review logsQualifications: 5 years of relevant experience with bachelor's degree in relevant field or 3 years of relevant experience with master's degree in relevant fieldMust hold one of the following certifications: CISSP or CASP+Familiarity with such tools such as Splunk, Tenable's Nessus and/or Security Center, Network Mapper (NMAP), App DetectivePro, HP Web Inspect, or similar applicationsExperience working with Azure/AWS cloud computing services, databases, networks, hardware, firewalls, cross-domain solutions, and encryption in a cyber-security roleThorough knowledge of NIST 800 Special Publications, Federal Information Processing Standards (FIPS) and other significant federal regulationsStrong background and extensive experience with Risk Management Framework (RMF)Must be familiar with and have previous experience with the security authorization process including the review of system security documentation, i.e., system boundary definition, systems security plan, configuration management plan, contingency plan, and security agreements (e.g., MOUs, ISAs), etcExperience evaluating systems, assessing system risks and security findings, and recommending mitigation and remediation actionsKnowledge of electronics theory, IT, telecommunications, and supervisory control systems including cryptography, vulnerability assessment, and exploitation techniquesKnowledge and experience with requirements risk management, security engineering, and security architectureExcellent interpersonal skills, including the ability to work on multi-functional teamsDesired Qualifications:
Familiarity with USDA Forest Service security policies, procedures and controlExperience using NIST SP 800-60 Guide for Mapping IT SystemsExperience using NIST SP 800-160 Systems Security EngineeringExperience using NIST SP 800-53 Security and Privacy Controls for Information Systems and OrganizationsExperience using NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsCertified Information Systems Auditor (CISA) CertificationProficiency using CSAM (Cyber Security Assessment Management) toolVendor specific cloud certifications ( AWS, Azure, GCP)
Clearance:
Must be a U.S. Citizen and pass a background investigation for Public TrustMust be willing to undergo a background investigation
Work Location:
Prefer local to Northern Virginia but remote work is acceptableCompetitive Benefits: Medical, Dental & Vision coverageLife InsuranceShort, Long Term Disability InsurancePTO & Federal Holidays Off401(k) PlanAccess to state-of-the-art gymnasium (at TechTrend HQ)Premium coffee bar (at TechTrend HQ) TechTrend, Inc.TechTrend, Inc. is a veteran-friendly small business providing expert solutions, products, and services to the federal government. Founded in 2003, we continue to evolve with capabilities in cybersecurity, devsecops, cloud managed services, cloud migration, and application development. We are a Microsoft Gold Partner and leading provider of Azure cloud services. TechTrend is recognized as a trusted partner delivering knowledge and guidance for our client's most critical and complex support and service needs. As a liaison for positive organizational change, we form relationships and build bridges while ensuring quality across functions—gaining buy-in from both leaders and end-users and removing barriers to mission success. Our established processes ensure quality delivery of results by maximizing efficiency, productivity, and client satisfaction enterprise wide. TechTrend is a fast-growing company with a dynamic, inclusive corporate culture headquartered in a state-of-the-art facility near the well-known Fairfax Mosaic District.
