Position Overview: We are seeking an experienced Senior Security Assessment and Authorization (SA&A) Specialist to join our team. The contractor will work independently or under the supervision of the Security Engineer to review, update, and develop SA&A documents in accordance with federal standards. The successful candidate will ensure compliance with relevant security policies, participate in audit preparations, and coordinate SA&A activities in collaboration with the Security Assessments & Authorization Team for a federal government agency.
Key Responsibilities:
- Manage the agency’s Security Assessment & Authorization (SA&A) team and activities.
- Independently or under the direction of the Security Engineer, perform a variety of SA&A tasks as outlined in the Statement of Work (SOW).
- Review and update SA&A documentation to prepare for and address audits (e.g., Inspector General, Government Accountability Office).
- Stay current with FISMA, NIST, HHS, and other federal policies and guidelines related to security and risk management, informing the ISSO/Contracting Officer’s Representative (COR) of updates.
- Maintain General Support System (GSS) inventory, Security Program documentation, and related artifacts.
- Collaborate with the Security Assessments & Authorization Team on all SA&A re-authorization activities, ensuring accuracy in the SA&A Tracking Matrix.
- Participate in security-related training, including SA&A processes, Security Assessment Tools, SharePoint, and Microsoft Office programs.
- Conduct Privacy Impact Assessments (PIA) for new systems.
- Perform annual and periodic disaster recovery tests and update the agency’s Disaster Recovery Plan as necessary.
- Guide infrastructure and application System Owners through yearly NIST 800-53 assessments, ensuring thorough review.
- Work with System Owners and ISSO to establish FIPS-199 system categorization.
- Analyze Risk Assessment results and recommend appropriate security solutions.
- Provide assistance to System Owners, ISSO, CIO, and other agency staff throughout the SA&A process.
- Review and recommend improvements to SA&A documentation to ensure compliance and security.
Minimum Qualifications:
- Bachelor’s Degree or equivalent.
- Six years of relevant experience in Security Assessments and Authorizations, and experience with the Federal Risk and Authorization Management Program (FedRAMP).
- Strong understanding of FISMA, NIST, and other federal security frameworks and policies.
- Experience with Privacy Impact Assessments (PIA), disaster recovery planning, and system risk assessments.
- Ability to work independently or under the supervision of the Security Engineer on SA&A tasks.
- Experience coordinating and collaborating with multiple teams on security-related tasks.
- Strong organizational and communication skills.
- Knowledge of Security Assessment Tools, SharePoint, and Microsoft Office tools.
- Relevant certifications (e.g., CISSP, CISM, or equivalent) are preferred.
Carson is an Equal Opportunity Employer committed to diversity and inclusion. We provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type based on race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Carson is committed to compliance with Maryland law, including reasonable accommodations for disabilities and religious practices. We encourage applicants from all backgrounds to apply.
Job Type: Full-time
Pay: $100,000.00 - $125,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Disability insurance
- Health insurance
- Health savings account
- Life insurance
- Paid time off
- Professional development assistance
- Tuition reimbursement
- Vision insurance
Experience:
- Cybersecurity: 6 years (Required)
- SAA: 6 years (Required)
Ability to Commute:
- Rockville, MD 20850 (Required)
Ability to Relocate:
- Rockville, MD 20850: Relocate before starting work (Required)
Work Location: In person