• Cybersecurity Certifcation Agent

    Job Location US-DC-Washington
    Posted Date 1 month ago(6/13/2019 12:02 PM)
    Job ID
    1856
    Clearance Requirement
    Secret
  • Overview

    Strategic Enterprise Solutions, Inc. (SE Solutions) is a proven, results-focused cybersecurity, management, and information technology services firm committed to support federal agencies that focus on protecting and defending our nation’s homeland security, intelligence, and stability. In a rapidly changing threat landscape, we have the organizational agility, deep homeland security experience, cultural insight and multidisciplinary expertise to help our customers accomplish today’s mission and anticipate tomorrow’s demands, efficiently and cost-effectively.

     

    As a member of one of our DHS support teams, you will play an important role as the Certification Agent (CA). Activities include:

    • Assess the organizations existing cybersecurity program, work products, and tools in relation to key agency missions, security goals, and objectives.
    • In coordination with stakeholders, articulate risk in relation to mission/business objectives.
    • Provide Quality Assurance for all documentation and processes that support security authorization.

    Contributions

    • Ensuring System Owner is always responsible for the information system and security.
    • Coordinates with Information System Security Officers (ISSO) from Phase 1 to Phase 6 of the Risk Management Framework.
    • Ensuring ISSO perform appropriate security actions for assigned information systems throughout entire RMF process to include reviewing the ISSO checklist to ensure system meets compliance requirements.  
    • Daily review of the FISMA Scorecard to ensure ISSO are addressing any discrepancies that may reduce the scorecard.
    • Understand how the FISMA scorecard is calculated to provide proper guidance to ISSO, SCA, System Owner.
    • Ensuring that security requirements for the assigned major application or general support system are being or shall be met; including, but not limited to ensuring the preparation and accuracy of the Contingency Plan, Contingency Plan Test, Configuration Management Plan, Security Plan, and related security documents.  The CA also ensures that the security controls within the Security plan are inherited and implemented properly.
    • Ensuring that requests for Security Authorization (SA, also commonly referred to as Assessment & Authorization or Certification and Accreditation) of assigned major application or general support system is completed in accordance with the published procedures.
    • Ensuring risk analyses are completed to determine cost-effective and essential safeguards in alignment with government and industry best practice (e.g. NIST 800-30, 37, 39).
    • Reporting IT security incidents (including computer viruses) in accordance with established procedures.
    • Reporting security incidents not involving IT resources to the appropriate security office and representing the security team as part of change management for assigned information systems.
    • Review Fortify, App Detective, WebInspect, and Nessus findings within a remediation plan and provide feedback to ISSO. 
    • Captures remediation findings and ensures mitigation of vulnerabilities.
    • Coordinates audit responses as needed in accordance with OIG, A-123, FISMA, and applicable policies and directives.
    • Communicating in a timely fashion with all stakeholders to include system owner, government POCs, and external vendors as appropriate. 

    Qualifications

    • Bachelors Degree or higher; preferably in computer science, information technology, or a related field
    • Minimum Years of Relevant Experience
      • 7 years of overall experience including the following
      • 5 or more years within the information technology domain
      • 5 or more years directly supporting security of IT systems
    • Security Certification
    • Active Secret Clearance

     

    Required Skills

    • Familiarity with one or more of DHS Directive 4300A, FIPS Pubs 199 & 200, and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, 800-60
    • Experience as an Information System Security Officer (ISSO), SCA, or ISSE
    • Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring
    • Experience with POA&M management
    • Familiarity with FedRamp
    • Performing Security Authorization
    • Performing Risk Analysis and Assessment

    The candidate should be able to support a minimum of four of the areas listed:

    • Security Control Assessment
    • Security Code Analysis
    • Document Review and Security Technical Writing
    • Risk Assessment and Risk Management
    • Policy and Audit Services

    Desired skills

    • Experience using the XACTA and/or similar Risk Management/Compliance Tool.
    • Experience analyzing vulnerability scans from tools such as Tenable and/or Nessus.

     

    About SE Solutions

    Strategic Enterprise Solutions, Inc. (SE Solutions), is a small business serving federal agencies that protect our nation’s security and defend our fellow citizens’ safety. We bring homeland security experience, organizational agility, and multidisciplinary expertise to help our clients respond to a rapidly changing threat landscape, accomplish today’s mission, and anticipate tomorrow’s demands. For more information, visithttp://www.sesolutions.com.

     

    We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. SE Solutions participates in the E-Verify program. 

     

     

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed