Title: Senior Lead System Security Analyst
The Lead System Security Analyst will be responsible for overseeing the overall duties of the System Security Analyst. The Lead will have functional knowledge in all areas of cybersecurity, and in particular of the federal cybersecurity guidance documents, including OMB Memorandums, FISMA, and NIST Special Publications.
- Develops security assessment plans for systems, including the objectives, scope, schedule, required documentation, possible risks, and other logistical items for security assessments; develops the cloud service provider testing approach from a security perspective;
- Provides validation of security control tests for cloud service providers; coordinates access to systems and approvals for scanning activities;
- Conducts ad hoc testing on an as-needed basis to assist with development activities or vulnerability remediation;
- Reviews/tests system security controls (managerial, operational, and technical) to determine adequacy against federal requirements (e.g., NIST SP 800-53) and mission context;
- Documents plans of action and milestones for corrective action following assessment activities and in response to identified vulnerabilities;
- Drafts security policies and procedures, including the system security plan and agency-specific policies, in accordance with NIST requirements;
- Routinely conducts risk assessments to quantify impacts of vulnerabilities;
- Recommends an appropriate security training program for employees.
Knowledge, Skills and Experience:
- Degree in Computer Science or related discipline from an accredited college or university required.
- 10+ years IT Security experience, preferably in an ISSO or ISSM role.
- Certification(s) in information technology (i.e. CISSP).
- Ability to implement information security requirements for IT systems through the Risk Management Framework (RMF).