Information Assurance Security Specialist (IASS)
United States
Full Time Mid-level / Intermediate Clearance required USD 81K - 115K *
OBXtek Inc.
Responsibilities
OBXtek is staffing for an Information Assurance Security Specialist (IASS) to support the Department of State Consular Affairs (CA/CST) Bureau.
The IASS tasks and responsibilities include:
- Works as an information system security subject matter expert (SME) on FISMA, NIST standards and guidelines, Privacy Act, HIPAA, E-Gov, OMB Circulars A-11 and A-130, and Clinger-Cohen as they apply to data and application security.
- Is responsible for Assessment and Authorization (A&A) activities for Consular Affairs / Consular Systems and Technology (CA/CST) automated information systems (AIS) and provides A&A support for domestic and overseas deployed systems, as well as A&A activities on cloud systems (IaaS, SaaS, and PaaS).
- Tracks and reports the status of assigned A&As and brings any obstacles that may impact the completion of the A&A to the attention of the A&A Task Lead and the Program Manager (PM) in a timely manner.
- Ensures that A&A packages are submitted to IA and follows up to ensure IA approval of each phase of the A&A process prior to each system’s Authorization to Operate (ATO) expiration date.
- Analyzes production system configuration change requests (CCR) of existing systems to determine security impact using the Security Impact Analysis (SIA) process, and initiates required actions to maintain security posture and authorization status.
- Supports weekly or monthly meetings with Government Technical Monitors (GTMs) and developers. Schedules and facilitates boundary meetings, RMF Step 1 Kick-off meetings, System Categorization meetings and RMF 1-3 Working Groups.
- Gathers required information to support system authorization by organizing technical working groups, conducting fact-finding interviews, attending system demos, assessing system security categorization (SCF) levels, establishing the system security control baseline, and acting as a security advisor to the GTM during security controls implementation.
- Drafts and maintains project schedules for each assigned system as it goes through the RMF process.
- Develops, updates, and maintains the following security application documentation:
  - Security Categorization Form (SCF)
  - E-Authentication Form (eRA)
  - System Security Plan (SSP)
- Supports the Contingency Plan (CP) SME and Privacy Impact Assessment (PIA) SME in the development of the following security application documentation:
  - Information System Contingency Plan (ISCP)
  - Privacy Impact Assessment (PIA)
- Completes data calls in a timely manner, including but not limited to quarterly POA&M data calls. Reviews, monitors, and reports POA&M status to all parties including PM, ISSS GTM, System GTM, System Development Team, and System Operation Teams.
- Provides guidance to System GTMs and System developers as it relates to the A&A process using both the National Institute of Standards and Technology (NIST) Special Publication (SP) 800 series and Department Foreign Affairs Manual (FAM) guidelines.
- Assists and advises System GTMs and System developers in the design and development of secure systems architecture as well as industry best practices and information systems technologies available to meet AIS security requirements.
- Attends Agile security scrum meetings with stakeholders and provides feedback during those meetings.
Qualifications
Active Secret Clearance.
Education:
- Bachelor’s degree in Computer Science, Information Technology, Information Assurance, Cybersecurity, or related field.
Desired Certifications:
- CAP, CISSP, or other IT and security-related certifications
Experience:
- 3-5+ years’ experience in the Risk Management Framework process, cybersecurity, information assurance, or IT.
- Extensive knowledge of FISMA Compliance and NIST guidelines including Risk Management Framework (RMF), and the NIST SP 800 series.
- Hands-on experience writing System Security Plans (SSPs), Security Categorization Forms (SCF), and other various RMF Steps 1-3 documentation.
- Experience conducting RMF Steps 1, 2, 3, & 6.
- Proficient writing and communication skills.
- Experience working in an Agile environment.
- Experience performing RMF 1-3 activities on systems within the cloud and/or hosted on FedRAMP-approved IaaS, SaaS, or PaaS.
- Ability to work in fast-paced environments.
- Working experience with the Archangel GRC tool.
- Proficient with SharePoint, Microsoft Teams, Confluence, Microsoft Project, and Office 365.
Security Clearance
Secret
Company Information
Headquartered in McLean, Virginia and founded in 2009, OBXtek is a fast-growing leader in the government contracting field. Our mission is Our People…Our Reputation. Our people are trained professionals who enhance our customers’ knowledge and innovation using technology, collaboration, and education.
We offer a robust suite of benefits including comprehensive medical, dental and vision plans, Flexible Spending Accounts, matching 401K, paid time off, tuition reimbursement plans and much more.
As a prime contractor for 93% of our current work, OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO. Our rapid growth has been recognized by INC500, the Washington Business Journal, and Washington Technology magazine.
OBXtek is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, age, national origin, gender identity, disability, veteran status, sexual orientation or any other classification protected by federal, state or local law.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰