Information Assurance Security Specialist

Responsibilities

OBXtek is staffing for an Information Assurance Security Specialist (IASS) to support the Department of State Consular Affairs (CA/CST) Bureau.

The IASS tasks and responsibilities include:

• Working as an information system security subject matter expert (SME) on FISMA, NIST standards and guidelines, Privacy Act, HIPAA, E-Gov, OMB Circulars A-11 and A-130, and Clinger-Cohen as they apply to data and application security.
• Responsible for Assessment and Authorization (A&A) activities for Consular Affairs / Consular Systems and Technology (CA/CST) automated information systems (AIS) and provides A&A support for domestic and oversea deployed systems, as well as A&A activities on Cloud systems (IAAS, SAAS, and PAAS).
• Tracks and reports status of their assigned A&A’s and brings any obstacles that may impact the completion of the A&A to the attention of the A&A Task Lead and the Program Manager (PM) in a timely manner.
• Ensures that A&A packages are submitted to IA and follows up to ensure IA approval of each phase of the A&A process prior to systems’ Authorized to Operate (ATO) expiration date.
• Analyzes production system configuration change requests (CCR) of existing systems to determine security impact using the Security Impact Analysis (SIA) process, and initiates required actions to maintain security posture and authorization status.
• Supports weekly or monthly meetings with Government Technical Monitors (GTMs) and developers. Schedules and facilitates boundary meetings, RMF Step 1 Kick-off meetings, System Categorization meetings and RMF 1-3 Working Groups.
• Gathers required information to support system authorization by organizing technical working groups, conducting fact-finding interviews, attending system demo, assessing system security categorization (SCF) levels, establishing system security control baseline, acting as a security advisor to the GTM during the security controls implementation.
• Draft and maintain project schedules for each of their assigned systems as they go through the RMF process.
• Develops, updates, and maintains the following security application documentation:
  • Security Categorization Form (SCF)
  • E-Authentication Form (eRA)
  • System Security Plan (SSP)  
• Supports the Contingency Plan (CP) SME and Privacy Impact Assessment (PIA) SME in the development of the following security application documentation: 
  • Information System Contingency Plan (ISCP)
  • Privacy Impact Assessment (PIA)  
• Completes data calls in a timely manner which include but not limited to Quarterly POA&M data calls. Reviews, monitors, and reports POA&Ms status to all parties including PM, ISSS GTM, System GTM, System Development Team, and System Operation Teams.
• Provides guidance to System GTM and System developers as it related to the A&A process using both the National Institute of Standard and Technology (NIST) Special Publication (SP) 800 series and Department Foreign Affairs Manual (FAM) guidelines.
• Assists and advises System GTMs and System developers in the design and development of secure systems architecture as well as industry best practices and information systems technologies available to meet AIS security requirements. 
• Attends Agile security scrum meeting with stakeholders and provide feedback during those meetings.

Qualifications

Active Secret Clearance.

Education:

• Bachelor’s degree in computer science, Information Technology, Information Assurance, Cybersecurity, or related field.

Experience:

• 3-5+ years’ experience in the Risk Management Framework process, cybersecurity, information assurance, or IT.
• Extensive knowledge of FISMA Compliance and NIST guidelines including Risk Management Framework (RMF), and the NIST SP 800 series.
• Hands-on experience writing System Security Plans (SSPs), Security Categorization Forms (SCF), and other various RMF Steps 1-3 documentation.
• Experience conducting RMF Steps 0, 1, 2, 3, & 6.
• Proficient writing and communication skills.
• Experience working in an Agile environment.
• Experience performing RMF 1-3 activities on systems within the cloud and/or hosted on FedRamp approved IAAS, SAAS, or PAAS.
• Ability to work in fast-paced environments.
• Working experience with the Archangel GRC tool.
• Proficient with SharePoint, Microsoft Teams, Confluence, Microsoft Project, and Office 365.

Certifications which are nice to have:

• CAP, CISSP, or other IT and security-related certifications.

Security Clearance

Secret

Company Information

Headquartered in McLean, Virginia and founded in 2009, OBXtek is a growing leader in the government contracting field. Our mission is Our People…Our Reputation. Our people are trained professionals who enhance our customers’ knowledge and innovation using technology, collaboration, and education.

We offer a robust suite of benefits including comprehensive medical, dental and vision plans, Flexible Spending Accounts, matching 401K, paid time off, tuition reimbursement program and much more.

OBXtek pairs lessons learned across disciplines with best practices and industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO. Our rapid growth has been recognized by INC500, the Washington Business Journal, and Washington Technology magazine.

OBXtek is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, age, national origin, gender identity, disability, veteran status, sexual orientation or any other classification protected by federal, state or local law.