Information Security Analyst SME with TS/SCI

Information Security Analyst SME with TS/SCI

12 Nov 2024
Virginia, Arlington, 22201 Arlington USA

Information Security Analyst SME with TS/SCI

Company Overview TestPros is a successful and growing business, established in 1988 to provide Information Technology (IT) technical support services to a wide range of Commercial and U.S. Federal, State, and Local Government customers. Our capabilities include Program Management, Program Oversight, Process Audit, Intelligence Analysis, Cyber Security, NIST SP 800-171 Assessment and Compliance, Computer Forensics, Software Assurance, Software Testing, Test Automation, Section 508 and WCAG Accessibility Assessment, Localization Testing, Independent Verification and Validation (IV&V), Quality Assurance (QA), Compliance, and Research and Development (R&D) services.TestPros is an Equal Opportunity Employer. TestPros delivers innovative independent IT assessment solutions to critical challenges facing the nation and the world. We support the U.S. Federal Government and Commercial clients within the continental USA.TestPros is dedicated to making lives better, safer and more secure. Job Summary TestPros is seeking a Information Security Analyst SME to support a Federal cyber security program. Position: Full-time Citizenship: U.S. Citizenship Job Title: Location: Arlington, VA (or Pensacola, FL) and Remote Security Clearance: Top Secret SCI Project overview:POA&M ManagementThe POA&M tracker lists mitigation and milestones with completion dates and serves to trackthe resolution of vulnerabilities and non-compliance with security controls identified duringassessments and at any point during the system's life cycle. The Contractor shall provide amechanism for vulnerability and POA&M management. The status must be updated on a weeklybasis. Recommendation for closure is based on changes made to the system to remediate issuesor to mitigate the risks with the necessaiy suppo1ting evidence presented for resolution. TheContractor shall prepare a detailed weekly status of all activities, including status of open/closedaction items, POA&M status/milestones, and any other pertinent data points as requested by theGovernment.Vulnerability lManagementThe Contractor shall perform management of technical and policy related findings as a result ofcompliance, vulnerability, and penetration testing and internal reviews. The Contractor mustmeet with product and service teams as required to track progress and serve as a security subjectmatter expe1t on issues requiring clarification and resolution. The Contractor shall provideguidance to ensure vulnerabilities are prioritized, fixed, mitigated, or risk accepted. TheContractor shall deliver remediation tracking for all outstanding issues using an automatedprocess to manage results, trending, and report. Risk mitigation strategies, recommendations, andapplicable security controls must be documented and must include cost effective solutions thatsuppot mission goals.Security Review of System ChangesThe Contractor shall review change requests to ensure the proposed changes are in accordancewith all security requirements in effect at the time of the change request. The contractor mustprovide a recommendation to the Government as to whether the change request should beapproved, approved with certain conditions, or disapproved citing the reason for disapproval.The Contractor shall maintain a reposito1y where eve1y change request is stored along with theanalysis performed by the contract for each change request. The Contractor shall also caphll"eand store pe1tinent a1tifacts for each change request in a location commensurate with theclassification level of the artifacts. The Contractor shall prepare a detailed weekly status of allactivities, including status of change requests, open/closed action items, and any other pe1tinentdata points as request by the Government.Comprehensive Security Technical DocumentationActivities related to managing organizational and program risk are paramount to an effectiveinformation security program especially for complex information systems. The Contractor shallwork with the product and service teams throughout the RMF process. The Contractor shallperform reviews of the policies, procedures, and related documentation currently maintained byprogram staff to identify missing or outdated documentation. Subsequent reviews should beperformed on an annual basis at a minimum or as directed by the Government. In suppo1t of thisactivity, the Contractor shall develop and maintain documentation as required by securitycontrols outlined in NIST 800-53a which include the following: Program policies and common controls Standard Operating Procedures (SOPs)/Guides Program common controls Security artifacts and a1tifact templates, and Concept of Operations (CONOPS) Other security-related technical documentation as directed by the Government.The Contractor shall update the aforementioned processes, procedures, and other livingdocuments as needed and create new work products to fill identified gaps. The Contractor shallreview and provide guidance for documentation developed by the service and product teamsensuring that these work products are completed following NIST guidance, commercial bestpractices, and the applicable federal policies. The Contractor shall provide guidance to serviceand product teams for security information systems in accordance with CNSSI 1253, and NISTSP 800-30, 800-37, 800-39, 800-137. The Contractor shall review work products, includingsecurity artifacts to ensure that the target is secured/documented appropriately (i.e., inaccordance with CISA and DRS-defined security requirements) and that the documentationreflects and properly addresses CISA and DHS security requirements. In addition, the Contractorshall support service and product teams with the selection and tailoring of security controlsappropriate to the information system and the system's security objectives for confidentiality,integrity, and availability in accordance with NIST and CNSS guidance. The Contractor shallperform this iteratively throughout the system life cycle. The Government shall make the finaldetermination as to the work product that is considered acceptable.A scheme for storing and managing all documentation must be developed and/or maintainedunder this contract and, as appropriate, disseminated via mechanisms such as MicrosoftSharePoint. The tools and methods selected to perform this function must be approved by theCOR/GOV POC prior to implementation if different than the tools currently in use. Additional activities include ML Security Operations, Offensive Security, risk assessments, consistent communication, and detailed technical documentation. Responsibilities and Duties: Performing security controls. The SME Information Security Analyst is responsible for leading the RMF assessment, authorization, and monitoring steps for systems following NIST and ICD 503 standards and best practices. .Required skills:

10+ years of proven experience performing security controls.

Experitice inRMF assessment, authorization, and monitoring steps for systems following NIST and ICD 503 standards and best practices.

Expert knowledge of Federal policies and practices related to cyber security

Possess excellent verbal and written communication skills;

Have knowledge, skills, abilities, and experience with common assessment & authorization (A&A) application platforms (e.g. eMASS, CSAM, Xacta is preferred) for performing tasks.

Strong architecture, network and infrastructure security, or next gen security expertise (agile/hybrid agile, cloud).

The SME Information Security Analyst must have extensive experience working with various security methodologies and processes, compliance controls related to cloud security, performing assessments in cloud computing environment.CADS is currently hosted in the cloud. It is a multi cloud offering containing AWS, Azure, and GCP services.

Extensive experience providing analysis and trending of vulnerability data form a large number of heterogeneous devices

Must possess expert knowledge in risk and vulnerability management.

Active clearance up to TS/SCI security clearance.

Preferred Qualifications and Skills

Agency experience (ideally DHS CISA)

Cyber program experience

SAFe and DevSecOps experience

.

Benefits

TestPros offers a competitive salary, medical/dental/vision insurance, life insurance, paid time off, paid holidays,401(k) retirement plan with company match, opportunities for professional growth, cell phone discounts, and much more! All benefits are per TestPros current policies and are subject to change without notice. Benefits are available to full-time employees.​

TestPros, Inc. is an Equal Opportunity Employer.

EEO Statement

All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, marital status, age, national origin, protected veteran status, or disability. VEVRAA Federal Contractor.

Powered by JazzHR

Related jobs

  • Description

  • Date Posted:

  • Summary About the Position: This position is in the Defense Civilian Intelligence Personnel System (DCIPS). Employees occupying DCIPS positions are in the Excepted Service and must adhere to U.S. Code, Title 10, as well as Department of Defense Instruction 1400.25. This position is located at the HT-W39LAA US ARMY NATIONAL GUARD READINESS CTR. Responsibilities Establish, develop, coordinate, and implement security policy and procedures to ensure local and national security policy is promulgated in all the states and territories. Plan, direct, coordinate execute and manage the SCI (Sensitive Compartmented Information) security program for current and long-range operational plans, goals, and objectives. Represent the Security Program Branch at high level government working groups regarding security program policy input and collaboration. Explain the nature and reasons for various security actions to subordinates and higher-level management. Requirements Conditions of Employment Qualifications Who May Apply: Only applicants who meet one of the employment authority categories below are eligible to apply for this job. You will be asked to identify which category or categories you meet, and to provide documents which prove you meet the category or categories you selected. See Proof of Eligibility for an extensive list of document requirements for all employment authorities. 10-Point Other Veterans’ Rating 30 Percent or More Disabled Veterans 5-Point Veterans\' Preference Current Army Defense Civilian Intelligence Personnel System (DCIPS) Employee Current Department of Army Civilian Employees Current Department of Defense (DOD) Civilian Employee (non-Army) Current DoD Defense Civilian Intelligence Personnel System (DCIPS) Employee (non-Army) Disabled Veteran w/ a Service-Connected Disability, More than 10%, Less than 30% Non-Department of Defense (DoD) Transfer Prior Federal Service Employee Priority Placement Program, DoD Military Reserve (MR) and National Guard (NG) Technician Eligible Priority Placement Program, DoD MR and NG Preference Eligible Tech Receiving Disability Retirement Priority Placement Program, DoD Retained Grade Preference Eligible United States Citizen Applying to a DCIPS Position Army DCIPS positions apply Veteran\'s Preference to preference eligible candidates as defined by Section 2108 of Title 5 U.S.C., in accordance with the procedures provided in DoD Instruction 1400.25, Volume 2005, DCIPS Employment and Placement. In order to qualify, you must meet the experience requirements described below. Experience refers to paid and unpaid experience, including volunteer work done through National Service programs (e.g., Peace Corps, AmeriCorps) and other organizations (e.g., professional; philanthropic; religious; spiritual; community; student; social). You will receive credit for all qualifying experience, including volunteer experience. Your resume must clearly describe your relevant experience; if qualifying based on education, your transcripts will be required as part of your application. Additional information about transcripts is in this document. Experience required: To qualify based on your experience, your resume must describe at least one (1) year of experience which prepared you to do the work in this job. Specialized experience is defined as: Developing policy on SCI (Sensitive Compartmented Information) security while presenting and defending the recommended changes; providing solutions on SCI security issues; executing the SCI security program for current and long-range operational plans; conducting security inspections of multiple subordinate activities; ensuring compliance with regulatory requirements; building requirements and best practices for SCIF (Sensitive Compartmented Information Facility) and TSCIF (Temporary Sensitive Compartmented Information Facility. You will be evaluated on the basis of your level of competency in the following areas: Personnel Security Planning and Evaluating Security Program Management Technical Competence Specialized experience is progressively responsible intelligence-related security work directly related to the position being filled. Creditable experience may include previous military experience, experience gained in the private sector or in another government agency as long as it was at a level at least equivalent to the next lower band in the series. Education Some federal jobs allow you to substitute your education for the required experience in order to qualify. For this job, you must meet the qualification requirement using experience aloneno substitution of education for experience is permitted. Additional Information Male applicants born after December 31, 1959, must complete a Pre-Employment Certification Statement for Selective Service Registration. You will be required to provide proof of U.S. Citizenship. Direct Deposit of Pay is required. All INSCOM employees may be subject to extended TDY or worldwide deployments during crisis situations to perform mission essential functions as determined by management. Must be able to obtain and maintain a Top Secret security clearance. Incumbent (or Selectee) is required to satisfactorily complete the appropriate training and obtain the required certification/recertification for this position as outlined in DoD Publication 8570.01-M Information Assurance Workforce Improvement Program, dated 19 December 2005 (incorporating Change 1, 15 May 2008). Selection is subject to restrictions resulting from Department of Defense referral system for displaced employees. If you have retired from federal service and you are interested in employment as a reemployed annuitant, see the information in the Reemployed Annuitant information sheet. This is a(n) Security & Intelligence Career Field position. Multiple positions may be filled from this announcement. Salary includes applicable locality pay or Local Market Supplement. Payment of Permanent Change of Station (PCS) costs is not authorized, based on a determination that a PCS move is not in the Government interest. This is a Title 10 Excepted Service position covered by the Defense Civilian Intelligence Personnel System (DCIPS). Appointment to this position does not confer competitive status. Prior to appointment applicants are required to sign a statement indicating they understand the conditions of employment or assignment to the position and acknowledge the consequences of failing to meet and maintain those required conditions. You will be required to sign a DCIP MOU (Memorandum of understanding) for the conditions of the appointment. This position has been identified for the Security Professional Education Development (SPeD) Certification Program. This position requires the incumbent obtain the following core SPeD Certification: Security Fundamentals Professional Certification (SFPC) within their first two years of employment. This position is eligible for situational telework, including emergency and OPM prescribed \"unscheduled telework\" and regular/recurring telework, IAW current National Guard Bureau telework policy after date of hire.

  • Req ID: RQ186897

  • SQL/Data Analyst

  • Technology & Security Consultant

  • Description

Job Details

Jocancy Online Job Portal by jobSearchi.