This is an exciting full-time opportunity to work in a fast-paced team environment supporting one of the largest organizations for the US Federal Government. We take an innovative and collaborative approach to supporting our client, working in an agile environment using emerging technologies. You will be interacting with a dynamic team of people, with opportunities to learn and grow as you help deliver the overall solution to our client.
The qualified candidate will act in the capacity of senior security analyst for a FIPS 199 moderate to high impact Cloud systems (IaaS, PaaS or SaaS).
The selected candidate's role is the information security subject matter expert for a large financial system implemented in a commercial cloud. The role is responsibility for the proper operation of NIST 800-53 rev 4 security controls. It requires coordinating and working with government employees, project contractors, Cloud service providers, COTS product vendors, business analysts, IT architects, and engineers who design, implement and test security controls in the context of the NIST 800-37 Risk Management Framework. The role is also responsible for providing expertise to project stakeholders on issues involving security and compliance with Federal laws and regulations.
Your future duties and responsibilities:
The candidate is expected to work with minimal supervision, lead teams, accept greater responsibility for completion of assignments, commensurate with level of experience.The successful candidate will have more than 10 years of Information Assurance (IA) experience. Experience must show increasing involvement and responsibility for the implementation, documentation, and continuous monitoring of security controls with large and complex IT systems. 1-3 years experience implementing, documenting, and continuous monitoring of security controls with IT systems operating in the Cloud.
Specific duties include
- Provide subject matter expertise to technical, operational, and management teams to meet the respective security requirements of the customer's Risk Management Framework based on NIST's 800-37.
- Lead the effort to develop, update, and maintain system security documentation
- Coordinate activities between disparate groups to implement the customer's continuous monitoring program for the system.
- Support the customer's Assessment & Authorization (A&A) process
- Represent CGI in customer meetings on all matters concerning information security and data privacy through the life-cycle of system
- Develop strategies to address customer's concerns with security and privacy of sensitive data used by the system in a Cloud environment
- Author and co-author white papers to address security and privacy issues relevant to the systems life-cycle
Conduct vulnerability scans and update and manage the POAM
Required qualifications to be successful in this role:
- Due to the nature of this government contract, US Citizenship is required.*
- Must have a Bachelors Degree and at least 5 years of security and cloud experience.
- A certification from ISC2, GIAC, EC-Council, or CyberSecurity Institute, like CISSP and CAP.
- Security training certification that meets DoD 8570 Information Assurance Workforce Improvement Program desired
- Continuous monitoring experience with moderate and high impact systems.
- Working knowledge of these National Institute of Standards and Technology (NIST) Special Publications 800 series (listed in priority):
- 800-37 (Risk Management Framework Process)
- 800-18 (System Security Plans)
- 800-30 (Risk Assessment)
- 800-53 (Security Requirements)
- 800-63 (E-Authentication)
- Federal Processing Standards (FIPS), especially 199 (Security Categorization).
- If no experience with NIST, then working knowledge of Dept of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) or the new DoD information assurance policy 8500.1 and the risk management framework
- If no experience with NIST and DITSCAP, the working knowledge of NSA Information Assurance Process
- Experience with vulnerability management and security auditing tools, such as Nessus or similar tools. Update and maintenance of plan of action and milestones (POAM).
- In addition, the candidate must have a demonstrated understanding of IT security principles, concepts, policy and regulations. Demonstrated ability to effectively document security controls.
- Proficient with Microsoft Word, Excel and Microsoft Project
What you can expect from us:
- Prior IT technical experience as a system administrator, systems integration, or systems design also desirable, but not necessary.
Build your career with us.
It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.
At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.
Be part of building one of the largest independent technology and business services firms in the world.
Learn more about CGI at www.cgi.com.
No unsolicited agency referrals please.
CGI is an equal opportunity employer.
Qualified applicants will receive consideration for employment without regard to their race, ethnicity, ancestry, color, sex, religion, creed, age, national origin, citizenship status, disability, medical condition, military and veteran status, marital status, sexual orientation or perceived sexual orientation, gender, gender identity, and gender expression, familial status, political affiliation, genetic information, or any other legally protected status or characteristics.
CGI provides reasonable accommodations to qualified individuals with disabilities. If you need an accommodation to apply for a job in the U.S., please email the CGI U.S. Employment Compliance mailbox at US_Employment_Compliance@cgi.com. You will need to reference the requisition number of the position in which you are interested. Your message will be routed to the appropriate recruiter who will assist you. Please note, this email address is only to be used for those individuals who need an accommodation to apply for a job. Emails for any other reason or those that do not include a requisition number will not be returned.
We make it easy to translate military experience and skills! Click here to be directed to our site that is dedicated to veterans and transitioning service members.
All CGI offers of employment in the U.S. are contingent upon the ability to successfully complete a background investigation. Background investigation components can vary dependent upon specific assignment and/or level of US government security clearance held.
CGI will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with CGI’s legal duty to furnish information.