Description: TGTG is seeking an Information Security Analyst with experience supporting federal government initiatives. As an Information Security Analyst on our team, you will use your experience to discover security risks, understand applicable policies, and develop a mitigation plan. The candidate will review technical, environmental, and personnel details from SMEs, users, clients, and task leads to assess the entire threat landscape. The candidate will provide support for all aspects of a yearly security review to achieve an Authority to Operate, including developing Standard Operating Procedures to document a program’s security posture and providing evidence in eMASS to close out controls and findings. They will work with the client to translate security concepts so the client can make the best decisions to secure their mission-critical systems. A strong understanding of the Risk Management Framework and its application in eMASS is needed. A Public Trust clearance process will be initiated if the candidate is chosen for the opportunity. This is a full-time remote position. Veterans are encouraged to apply.

Responsibilities:
- Experience in managing complex system records in the Enterprise Mission Assurance Support Service (eMASS) tool
- Experience with supporting system Authority to Operate (ATO) processes and creating artifacts, control implementation details, and Plans of Action and Milestones (POA&Ms)
- Experience with Information Security Continuous Monitoring (ISCM), RMF automation, and Comply to Connect
- Experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk Management, and Compliance (GRC) security documentation tool, Risk Management Framework (RMF), and security compliance processes
- Experience with Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit Manual (FISCAM) criteria
- Ability to facilitate meetings, analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system team stakeholders
- Apply VA security policies as outlined in the VA 6500 Handbook and the VA Assessment and Authorization (A&A) SOP
- Ensure Assessment and Authorization packages conform to the format provided for the program
- Apply analytical and systematic approaches in the resolution of problems of workflow, organization, and planning
- Identify, manage, and verify security requirements, to include security controls, in the same manner as all other system requirements, ensuring traceability
- Work with developers and other team members to assist with the creation and maintenance of RMF packages
- Implement security controls through Systems Engineering Technical Processes
- Provide security support for planning, design, development, testing, demonstration, and integration of information systems
- Develop a System Security Plan using the Risk Management Framework
- Develop and adjudicate each Plan of Action and Milestones (POA&M), conduct Security Technical Implementation Guide (STIG) reviews, and complete remediation of findings
- Provide full security incident management
- Review monthly Nessus vulnerability scan results
- Coordinate and review quarterly penetration tests
- Coordinate and review database scans
- Mitigate vulnerabilities derived from security scans
- Create and update documentation in accordance with overarching agency policy and guidelines
- Set up and run business continuity/disaster/incident exercises
- of the organization, while identifying symptoms for process improvement.