This position will be based in Annapolis Junction, MD
Review and analyze all system artifacts for accuracy and completeness in support of authorization to operate (ATO) requests.
Conduct audits of completed remediation packages for Plan of Actions and Milestones (POA&M) for completeness and compliance
Draft document review and feedback on application of security and privacy requirements (e.g., technical review board (TRB), review of SPs, RAs, contingency plans, POA&M reports).
Determine the impact of new technology or policy (e.g., CDM technologies, anomaly-based tools, virtual environments, etc.) on the TSA information security program
Where requested, conduct meetings, including preparing, documenting, and recording minutes
Recommend, develop, and maintain monthly, quarterly, and annual Federal Information Security Management Act (FISMA) reporting documents in TSA’s required format.
Maintain and leverage existing Security scan tools and techniques including:
Tenable Security Center
AppScan Enterprise (including white and black box testing)
Burp Suite Pro.
Support implementation of new Security scan tools and techniques as necessary.
Prepare responses to federal ad hoc reporting requirements. The contractor shall provide to TSA an accomplishment report of Ad hoc Security Engineering services provided (Deliverable #4).
Prepare FISMA Reporting documents quarterly and annually.
Report on FISMA Inventory and provide POA&M reports monthly.
Develop alternatives of system designs and/or architectures which consider trade-offs between security requirements, functional/operational requirements and cost.
Determine the impact of new or changing applicable federal policy.
Determine the impact of new or revised legislation and regulations (OMB, HIPAA, FISCAM, etc.).
Provide security engineering subject matter expertise in coordination with Enterprise Architecture and Technical Review Board to conduct technical review board program planning reviews related to future enterprise architecture updates and proposed information security mechanisms
Active Secret Clearance
Possesses and applies expertise on multiple complex work assignments which are broad in nature, requiring originality and innovation in determining how to accomplish tasks.
Has the ability to apply a comprehensive knowledge across key tasks and high impact assignments.
Plans and leads major technology assignments.
Evaluates performance results and recommends major changes affecting short-term project growth and success.
Functions as a technical expert across multiple project assignments. May supervise others.
Associate’s Degree
Certification: active Certified Information Systems Security Professional (CISSP)
5 years of experience
The following experience is preferred, but not required:
Security Development lifecycle management;
Experience with a variety of Programming Languages including Java, PHP, C, .NET;
Experience with various Operating Systems including Windows, Linux and Unix;
Network+, CCNA, Linux+, CEH, ECSA, OSCP.
If you are interested in working with our dynamic team, please forward your resume to firstname.lastname@example.org