Workstream lead for ensuring the client’s Federal Identity, Credential, and Access Management (FICAM) services are in compliance with Federal Information Security Management Act (FISMA) requirements, and that FICAM services are being used throughout the enterprise in fulfilling Cybersecurity controls. Provide FICAM subject matter expertise (SME) support to Information System Security Officers (ISSO) as they conduct Assessment and Authorization (A&A) reviews of the services and systems that make up FICAM security services, including identity management, credentialing, PIV issuance, authentication, and single sign-on. Provide SME support and assistance to ISSOs as they ensure that applications and systems are using FICAM security services to meet their FISMA requirements during development and for their Authority to Operate. Derive requirements from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, SP 800-63, and government policies to deliver tools to ISSOs for use during their A&A and milestone reviews. Assist with the review of system security plans, risk assessments, and risk-based decisions that relate to FICAM security services and their use. Review application and FICAM Service Component Business Requirements Documents for adherence to enterprise architecture and develop whitepapers based on findings and recommendations to improve compliance with the client’s Cybersecurity objectives.
- 3+ years of experience with interacting and reporting to agency leadership and directors of various organization functional areas
- Experience with A&A and Authority to Operate processes
- Knowledge of NIST SP 800-53 and SP 800-63, FICAM Roadmap, and Cybersecurity concepts and guidance
- Ability to communicate and simplify complex concepts
- Ability to obtain a security clearance
- BA or BS degree
- Experience with FICAM principles and technologies
- Experience with NIST SP 800-63, 800-53, OMB M-04-04, M-11-11, HSPD-12, and the e-authentication framework
- Experience in working with field security support services and ISSO
- Experience with Enterprise Architecture
- Knowledge of systems engineering processes and system life cycle security engineering
- Possession of excellent oral and written communication skills
- BA or BS degree in CS, Engineering, or a technical field
- Certification in a related field, including CISSP or Security+
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.