Position Summary:
GSC is a leading cyber security and information technology company based in Washington, DC. We are looking to hire a Senior Security Application Engineer to support a full range of cyber security services on a long-term contract in Washington DC. The position is full-time/permanent and will support a US Government civilian agency. The position is available immediately upon finding a qualified candidate with the appropriate background and security clearance.
Job Requirements:
- Lead security authorization activities in compliance with RMF, e.g., NIST 800-53r5, NIST 800-37
- Validate and verify system security requirements definitions and analysis and establish system security designs
- Design and develop system security plans to include information security controls at the networking, computing, and enclave levels for multiple programs, including those with multiple enclaves and differing data protection/classification requirements
- Assist systems architects, engineers, and developers in the identification and implementation of appropriate information security functionality to ensure uniform application of security policy and enterprise solutions
- Assess and mitigate system security threats/risks throughout the program life cycle and work with the Systems Administration or Engineering teams to mitigate the risks
- Oversee continuous monitoring efforts and other program compliance activities
- Obtain quality documentation reviews of all FISMA compliance and system documentation across the agency enterprise, and execute day-to-day FISMA compliance monitoring, including CDM program activities
- Perform security control assessments using the NIST 800-53A publication as well as the OMB A-130 and OMB A-123 circulars
- Perform Security Impact Analysis (SIA)
- Create, track, and manage Plans of Action and Milestones (POA&Ms) in CSAM
- Create documents such as System Security Plan (SSP), Security Assessment Report, Contingency Planning, Incident Response Plan, policies, procedures, Executive summary, Interconnection Security Agreements (ISA) as part of the information security continuous monitoring process, Privacy Impact Assessment (PIA), Privacy Threshold Assessment (PTA)
Requirements:
- Minimum 10 years of IT cybersecurity experience including direct support for the U.S. Government and 7 years acting as an ISSO, assessor, or compliance analyst for enterprise IT systems. Note: A relevant Master’s Degree in IT, Computer Science, or Engineering can substitute for three (3) years of IT cybersecurity experience (including direct support for the U.S. Government) and for two (2) years acting as an ISSO, assessor, or compliance analyst
- At least two of the following security certifications are required: Certified Authorization Professional (CAP), Certified Information Systems Security Officer (CISSO), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP)
Security Clearance Requirement:
- Active Public Trust and eligible to obtain a Secret clearance
Job Category: Information Technology (IT) and Cybersecurity.