Falls Church, VA
BS/BA degree or 4+ additional years' relevant work experience in Computer Science, Information Systems, or a closely related field. Relevant experience with Computer Science, Computer Information Systems, Cyber Security, ISO 9001, 27000, CMMI for Development, ISO27001, SOC 2, SSAE18, NIST SP800-171, Cyber or Audits or Enterprise Systems may be substituted for degree requirements.
Working to obtain or possessing CISA, CISSP, Microsoft Windows Server Certifications, Cisco certifications, VMware certifications, CompTIA Security+, CompTIA CASP, CompTIA, AWS Certifications, Microsoft Azure Certifications, or other Information Security Certifications
Entry level 1+ years relevant work experience
Experienced 2-6+ years relevant work experience
DoD SECRET or higher clearance is required
25% Out of town travel
- Experience in Information Technology processes.
- Writing/documentation related to large scale information technology systems, preferably for DoD and other government agencies.
- Technical education, training, certifications, and/or hands-on experience.
- Strong organizational skills (including helping to manage technical projects).
- Strong interpersonal skills (experience working with project managers, technical writing teams, developers, and customers).
- HTML/CSS knowledge is a plus.
- The Department of Defense Architecture Framework (DoDAF) experience is a plus.
- Federal Enterprise Architecture Framework (FEAF) experience is a plus.
- Prior military experience is a plus.
- FISCAM methodology using NIST 800-53r4 controls, NIST RMF, AU-C 320, or FFMIA is a plus.
Senior level candidates will be expected to have the following experience:
- Management Experience in IT, Cyber, or Financial Audits IT Documentation, Audit report experience with standards such as NIST SP800-53r4, NIST RMF, PCI DSS, ISO27001, HIPAA, HITRUST, SOC 1/2/3 reports, SOX, FedRAMP, NIST SP800-171r1.
- Reviewing reports such as System Security Plan (SSP), System Interface Agreements, Security Assessment Reports (SAR), SOC 1/2/3 Attestation Reports, NIST RMF package/documentation, STIG results/reports, Vulnerability Assessment/Reports, IT and Information Security Policy/Procedure documentation, Security Test & Evaluation (ST&E) reports, Security Control mapping documentation, DOD Cloud Computing Security Requirements Guide (SRG), Risk Assessment and Management documentation, Incident Response Plan, Business Continuity documentation (COOP), Concepts of Operations (CONOPS) documentation, Plans of Actions and Milestones (POA&Ms), etc.
- Generating SOC Report
- RMF documentation
- NIST SP800-53r4 control reviews
- Reviewing and generating reports based on the FISCAM methodology
- Supporting Audit teams
- Security Test and Evaluation (ST&E) documentation
- Reviewing Security Technical Implementation Guides (STIGs)
- Reviewing DOD Cloud Security Requirement Guides (SRG)
- Reviewing Vulnerability Assessments
- Performing Security Assessments
- Performing Network Security Assessments
- Reviewing System Security Plans (SSP)
- Reviewing Plan of Actions and Milestones (POA&M) artifacts
Physical Demands and Work Environment:
- Usual office working conditions and standard office equipment. Required to sit for long periods of time using a personal computer. Some light physical effort required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.
- Candidates must have current DoD Secret clearance or higher (application completion requires verifiable information regarding your U.S. citizenship, residence, education, employment history, family, associates, and foreign connections/travel as well as questions regarding criminal records, illegal drug involvement, financial delinquencies, certain types of mental health treatment, alcohol-related incidents and counseling, military service, prior clearances and investigations, civil court actions, misuse of computer systems, and subversive activities).
- Unable to work with 3rd party candidates or agencies.
- Only local residents to the Northern VA, DC, MD area will be considered.
- A writing sample may be required with your resume to be considered for this position.