Senior Cyber Security Specialist - ISSO Lead

Project Overview:

Summary of Major Job Functions:

Primary Responsibilities:

• Ensuring that the cybersecurity practices implemented via the program are in compliance with Agency and contract requirements.
• Identifying and implementing areas for process improvement within the team for security related responsibilities.
• Documenting team processes and procedures.
• Assigning security related work to team members and other resources and tracking that work to completion.
• Writing SSPPs, FIPS 199s, PTA, BIAs, CPs, and SIAs for a variety of IT systems.
• Ensuring authorization boundaries are in compliance with continuous monitoring requirements.
• Review documentation completed by direct and non-direct reports to ensure compliance with Agency requirements.
• Review IT changes to evaluate them for compliance with security requirements.
• Overseeing and executing access management processes including authorization, implementation, and recertification. 
• Overseeing and executing vulnerability management processes including scanning, analysis, tracking, and closure.
• Managing POA&Ms to include writing the mini projects (action plans and milestones) and tracking them to completion.  
• Working with technical resources to ensure that the boundary inventories are accurate and updated as required.
• Work with cross-functional teams to scope, plan, conduct and document annual contingency plan testing.
• Participate in incident response activities.
• Serve as a subject matter expert regarding NIST security documentation, Agency security policy, and Executive Orders on security.
• Function as a SME and liaison for internal and external security audits and assessments.
• Preparing slides and briefings related to security.
• Complete ad hoc security tasks as needed.

• 5-8 Years of relevant experience.
• Experience with NIST security requirements 
• Writing security documents.
• Team organization and management.
• Meeting planning and facilitation.
• POA&M management.
• Vulnerability management.
• Experience with taking systems through the A&A process resulting in the award of a full ATO.
• Excellent verbal and written communication skills.
• The ability to track multiple workstreams simultaneously. 

Education/Experience:

• Bachelor’s degree in computer science, Cyber Security or related discipline.
• Minimum 5-8 years of relevant work experience.
• Experience managing teams/direct reports.
• Experience briefing upper level management on security issues.
• Experience with process analysis and improvement.
• Experience with analyzing vulnerabilities to identify false/positives.
• Experience creating scan profiles and running web scans.
• Experience with GRC tools, Jira, Google Apps, web and OS scanning tools.
• Experience planning, managing, and running contingency plan testing.
• Experience with incident response activities.
• At least two (2) of the following:
• ISC2 Certified System Security Professional (CISSP)
• CompTIA Security+
• ISC2 Certified Authorized Professional (CAP)

Additional Requirements:

• Ability to pass a US Public Trust background investigation for access to the client site and computing systems. You must have lived in the US for the past three (3) years.
• All candidates will be subject to a complete background check to include, but not limited to Criminal History, Education Verification, Professional Certification Verification, Verification of Previous Employment and Credit History.

Other Information:

• The salary range for this position is $66,000 - $103,000 annually.
• For information on SFI's benefits please visit http://www.spatialfront.com/pages/career.html
• This is a full-time W-2 position.
• Spatial Front Inc. is an Equal-opportunity Employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
• Spatial Front Inc. participates in E-Verify