Senior Information Security Specialist
In this position, you are a Senior Information Security Specialist responsible for providing security-related support services to a portfolio of existing operational systems of varying sizes and complexity. Your primary responsibility is to help ensure the program office, system owners and engineering staff are responsive to the agency’s security-related inquiries, comply with policies and security controls, and maintain security authorization artifacts. You will act as a liaison to communicate and provide timely, accurate responses to federal and agency security-related data calls (e.g., FISMA reporting, assets with known vulnerabilities), including interpreting changes to policies, standards, and procedures. In addition, you will provide expertise and guidance to implement applicable security controls throughout the system development lifecycle. You will work in a customer-facing role in a dynamic team environment with multiple touchpoints interfacing with many stakeholders.
Applicants must be U.S. Citizens or Green Card holders
- Work closely with the program management office, system owners and engineering staff to provide guidance on whether security policies, standards and procedures are properly implemented
- Analyze new or updated security policies and data calls, collaborate with stakeholders, and develop responses that are clear and accurate
- Collaborate with ISSOs and system owners to maintain and update system security documentation related to ATO and annual assessment.
- Support the review/update of security authorization artifacts such as System Characterization Documents, System Security Plans, System Contingency Plans, Privacy Threshold Analysis, and others as needed
- Interpret security risk assessments, review security scan results, assess security vulnerabilities and support the development/tracking of Plan of Action and Milestones (POA&Ms) for mitigation and/or risk acceptance
- Support the development and modification of implementation and design documents describing how security features are implemented
- Work with engineering personnel to document remediation actions for system vulnerabilities and non-compliance
- Analyze and interpret agency security requirements to communicate to non-security-savvy personnel
- Collaborate with the system maintainer to support continuous monitoring efforts
- Provide Splunk Administration Support, including working with existing Splunk applications and add-ons to fulfill customer needs, defining auditable events, creating/updating dashboards, reviewing suspicious activities, editing configuration files/apps and continuously reviewing logs
- 5 years of relevant experience with bachelor’s degree in relevant field or 3 years of relevant experience with master’s degree in relevant field
- Must hold one of the following certifications: CISSP or CASP+
- Familiarity with tools such as Splunk, Tenable’s Nessus and/or Security Center, Network Mapper (NMAP), AppDetectivePro, HP WebInspect, or similar applications
- Experience working with Azure/AWS cloud computing services, databases, networks, hardware, firewalls, cross-domain solutions, and encryption in a cyber-security role
- Thorough knowledge of NIST 800 Special Publications, Federal Information Processing Standards (FIPS) and other significant federal regulations
- Strong background and extensive experience with Risk Management Framework (RMF)
- Must be familiar with and have previous experience with the security authorization process including the review of system security documentation, i.e., system boundary definition, systems security plan, configuration management plan, contingency plan, and security agreements (e.g., MOUs, ISAs), etc
- Experience evaluating systems, assessing system risks and security findings, and recommending mitigation and remediation actions
- Knowledge of electronics theory, IT, telecommunications, and supervisory control systems including cryptography, vulnerability assessment, and exploitation techniques
- Knowledge and experience with requirements risk management, security engineering, and security architecture
- Excellent interpersonal skills, including the ability to work on multi-functional teams
- Familiarity with USDA Forest Service security policies, procedures and controls
- Experience using NIST SP 800-60 Guide for Mapping IT Systems
- Experience using NIST SP 800-160 Systems Security Engineering
- Experience using NIST SP 800-53 Security and Privacy Controls for Information Systems and Organizations
- Experience using NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- Certified Information Systems Auditor (CISA) Certification
- Proficiency using CSAM (Cyber Security Assessment Management) tool
- Vendor-specific cloud certifications (AWS, Azure, GCP)
- Must be a U.S. Citizen and pass a background investigation for Public Trust
- Must be willing to undergo a background investigation
- Prefer local to Northern Virginia but remote work is acceptable
- Medical, Dental & Vision coverage
- Life Insurance
- Short, Long Term Disability Insurance
- PTO & Federal Holidays Off
- 401(k) Plan
- Access to state-of-the-art gymnasium (at TechTrend HQ)
- Premium coffee bar (at TechTrend HQ)
TechTrend, Inc. is a veteran-friendly small business providing expert solutions, products, and services to the federal government. Founded in 2003, we continue to evolve with capabilities in cybersecurity, DevSecOps, cloud managed services, cloud migration, and application development. We are a Microsoft Gold Partner and leading provider of Azure cloud services. TechTrend is recognized as a trusted partner delivering knowledge and guidance for our clients’ most critical and complex support and service needs. As a liaison for positive organizational change, we form relationships and build bridges while ensuring quality across functions—gaining buy-in from both leaders and end-users and removing barriers to mission success. Our established processes ensure quality delivery of results by maximizing efficiency, productivity, and client satisfaction enterprise-wide. TechTrend is a fast-growing company with a dynamic, inclusive corporate culture headquartered in a state-of-the-art facility near the well-known Fairfax Mosaic District.
Join the TechTrend Talent Pool
We are always on the lookout for professionals who want to bring their experience, demonstrated talent, and vision to TechTrend. Is that you? If so, send a message to our hiring coordinator using the form below. If your skills are a good fit for our business strategy, we’ll be in touch.
TechTrend does not discriminate on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status, in any of its activities or operations. These activities include, but are not limited to, hiring and firing of staff, selection of vendors, and provision of services.
We are committed to providing an inclusive and welcoming environment for all members of our staff, subcontractors, vendors, and clients. We will not discriminate in employment, recruitment, advertisements for employment, compensation, termination, promotion, and other conditions of employment against any employee or job applicant on the basis of race, color, gender, national origin, age, religion, creed, disability, veteran’s status, sexual orientation, gender identity, or gender expression.