Senior Security Authorization Analyst

Position Description:

The key responsibilities of this position are to carry out the agency’s application security authorization programs.  This includes developing FISMA ATO packages using the RMF process (NIST SP 800-37) for enterprise applications. As a Senior Security Analyst, the candidate should be able to direct and mentor less senior Authorization Analysts.

Education and Experience:

  • B.S. or equivalent experience in the Information Security or related field.

  • Extensive knowledge of government security regulations, such as NIST SP 800-53, and have prior experience in defining security requirements that can satisfy all relevant government security and privacy regulations and guidelines.

  • 7+ years of experience in developing FISMA and/or DIACAP authorization documentation for an Authority To Operate (ATO) enterprise applications on government networks.

Required Skills and Competencies:

  • Ability to selection, implement, assess, and monitor security controls, and the authorization of information systems implementing the Risk Management Framework (RMF) pursuant to NIST SP 800-37

  • Ensure appropriate interconnection agreements are documented such as Service Level Agreements (SLA) and Interconnection Security Agreement (ISA) for each system undergoing Security Authorization

  • Assess enterprise applications to ensure completeness of applicable NIST controls according to the categorization of the system

  • Coordinate with NRCS IT Security Managers, system owners, project managers, in the preparation of security documentation for the purpose of maintaining Assessment and Authorization (A&A)

  • Review and validate all security documentation in relation to the Assessment and Authorization (A&A) Process

  • Comprehensible knowledge of the Cyber Security Assessment and Management (CSAM) tool to identify common threats and vulnerabilities and support security control baselines to achieve FISMA compliance

  • Ability to track, create and manage information technology (IT) weaknesses, Plan of Action and Milestones (POA&M) , utilizing the Cyber Security Assessment and Management (CSAM) tool

  • Ability to perform security categorizations and identification of financial systems and other systems containing Personally Identifiable Information (PII)

  • Comprehensive knowledge to identify hybrid, inherited and common controls

  • Application of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security controls to meet both FISMA and A-123 Appendix A

  • Ability to perform continuous monitoring of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev 3 security controls

  • Identify common threats and vulnerabilities and support security control baselines to achieve FISMA compliance

  • Prepare kickoff briefing, templates, project timelines and other the necessary documents to conduct Security Authorization (SA) Kickoff meetings

  • Review Security Authorization documents for integrity and completeness with respect to testing and risk analysis

  • Ability to interpret security requirements into technical solutions and analyze system configurations to determine security posture

Desired Skills:

  • Good at providing security services to multiple teams, and be able to interact appropriately in highly charged emotional situations.  Must be able to justify and defend matters involving significant or sensitive issues. Skilled in effectively working with personnel and managers with divergent educational and cultural backgrounds.

  • Ability to use consensus building, negotiation, coalition building, and conflict resolution techniques sufficient to establish and maintain effective communication channels with multiple stakeholders and teams.

  • Perform operating effectiveness testing of the Data Management system and its underlying DCRB GSS to determine if the necessary minimum security requirements are implemented in close collaboration with DCRB staff.

The testing will include, but is not limited to the following:

  • System Security Plans

  • Business Impact Assessments

  • Information System Contingency Plans

  • Security Assessment Plans

  • Hardware and Software Inventory

  • Security Assessment Reports

  • Incident Response & Readiness Assessment

  • Privacy Impact Assessments

  • Configuration Management Plans

  • Plan of Action & Milestones

  • Penetration & Vulnerability Testing

Centricity seeks highly-experienced professionals who can quickly adapt to our clients’ dynamic environments. Centricity employs passionate and dedicated multidisciplinary professionals with expertise spanning the realm of IT and management consulting services. To apply, please send a cover letter, resume & availability to

Jen Coy