Senior Security Authorization Analyst
The key responsibilities of this position are to carry out the agency’s application security authorization programs. This includes developing FISMA ATO packages using the RMF process (NIST SP 800-37) for enterprise applications. As a Senior Security Analyst, the candidate should be able to direct and mentor less senior Authorization Analysts.
Education and Experience:
B.S. or equivalent experience in Information Security or a related field.
Extensive knowledge of government security regulations, such as NIST SP 800-53, and prior experience in defining security requirements that can satisfy all relevant government security and privacy regulations and guidelines.
7+ years of experience in developing FISMA and/or DIACAP authorization documentation for an Authority To Operate (ATO) for enterprise applications on government networks.
Required Skills and Competencies:
Ability to select, implement, assess, and monitor security controls and authorize information systems under the Risk Management Framework (RMF) pursuant to NIST SP 800-37
Ensure appropriate interconnection agreements, such as Service Level Agreements (SLA) and Interconnection Security Agreements (ISA), are documented for each system undergoing Security Authorization
Assess enterprise applications to ensure completeness of applicable NIST controls according to the categorization of the system
Coordinate with NRCS IT Security Managers, system owners, and project managers in the preparation of security documentation for the purpose of maintaining Assessment and Authorization (A&A)
Review and validate all security documentation in relation to the Assessment and Authorization (A&A) Process
Comprehensive knowledge of the Cyber Security Assessment and Management (CSAM) tool to identify common threats and vulnerabilities and support security control baselines to achieve FISMA compliance
Ability to track, create and manage information technology (IT) weaknesses and Plans of Action and Milestones (POA&M), utilizing the Cyber Security Assessment and Management (CSAM) tool
Ability to perform security categorizations and identification of financial systems and other systems containing Personally Identifiable Information (PII)
Comprehensive knowledge to identify hybrid, inherited and common controls
Application of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security controls to meet both FISMA and A-123 Appendix A
Ability to perform continuous monitoring of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev 3 security controls
Identify common threats and vulnerabilities and support security control baselines to achieve FISMA compliance
Prepare kickoff briefings, templates, project timelines and other necessary documents to conduct Security Authorization (SA) Kickoff meetings
Review Security Authorization documents for integrity and completeness with respect to testing and risk analysis
Ability to interpret security requirements into technical solutions and analyze system configurations to determine security posture
Ability to provide security services to multiple teams and to interact appropriately in highly charged emotional situations. Must be able to justify and defend matters involving significant or sensitive issues. Skilled in effectively working with personnel and managers with divergent educational and cultural backgrounds.
Ability to use consensus building, negotiation, coalition building, and conflict resolution techniques sufficient to establish and maintain effective communication channels with multiple stakeholders and teams.
Perform operating effectiveness testing of the Data Management system and its underlying DCRB GSS to determine if the necessary minimum security requirements are implemented in close collaboration with DCRB staff.
The testing will include, but is not limited to, the following:
System Security Plans
Business Impact Assessments
Information System Contingency Plans
Security Assessment Plans
Hardware and Software Inventory
Security Assessment Reports
Incident Response & Readiness Assessment
Privacy Impact Assessments
Configuration Management Plans
Plan of Action & Milestones
Penetration & Vulnerability Testing
Centricity seeks highly-experienced professionals who can quickly adapt to our clients’ dynamic environments. Centricity employs passionate and dedicated multidisciplinary professionals with expertise spanning the realm of IT and management consulting services. To apply, please send a cover letter, resume & availability to firstname.lastname@example.org.