Job summary:


Title:
Security Analyst - W2 or 1099 Only

Location:
Washington, DC, United States

Length and terms:
Long term - W2 or 1099 Only


Position created on 04/14/2021 06:37 pm

Job description:


**** W2 or 1099 Only - No c2c ***webcam interview *****Very long term project; initial PO till 9/30/2021  with multi year extensions *** Initial remote due to covid then onsite; must be able to pick up laptop in person 

Core Duties: 

 

  • Perform security assessments and review system security documentation based on FISMA and FedRAMP requirements
  • Develop, review, and update Certification and Accreditation (C&A) packages and Authority to Connect (ATC) documentation for systems hosted and owned by D.C. and Cloud environments
  • Maintain and manage the required systems security documentation on the Sharepoint Site:
  • System Security Plans (SSP)
  • Risk Assessments (RA)
  • Contingency Plans (CP) and testing
  • Federal Information Processing Standard Publication 199 (FIPS 199) Security Categorization
  • Privacy Impact Assessments (PIA)
  • Security Control Assessments (SCA) Certification
  • Annual and quarterly security documentation review and testing
  • ATO / ATC certifications and recertifications
  • Security Self Assessments (SSA)
  • Memoranda of Understanding (MOU)
  • Interconnection Security Agreement(s) (ISA)
  • Develop and update the IRS Safeguard Security Report (SSR)
  • Develop and update the IRS Corrective Action Plans (CAPS)
  • Develop and update the IRS Inspection Plan and Inspection Reports 
  • Coordinate with departmental agency staff as necessary to provide guidance on the process of conducting risk analysis and computer security reviews, security assessments, the preparation of Disaster Recovery Plans, security plans, and the processes involved in the D.C. required activities for the Certification and Accreditation of Major Information and General Support Systems (MIS/GSS)
  • Develop IT security Policies
  • Develop IT security Procedures
  • Manage the Computer Security Awareness Training and RoleBased Training projects
  • Develop, review, update and publish Rules of Behavior
  • Develop and implement information sharing regarding cyber security best practices and common vulnerabilities
  • Administer and manage the site and content blocking, event monitoring, network intrusion detection systems
  • Conduct, as needed, vulnerability assessment, and security risk analysis
  • Support process, technical and R&D activities
  • Conduct research of new technologies, systems and processes to make recommendations on the enhancement of the security posture
  • Perform research and preliminary proofofconcept testing of security tools
  • Prepare and submit SAR responses 
  • Manage daytoday security operations, including assisting on investigative matters related to information security as requested
  • Conduct Plan of Action and Milestones (PO&AM) reviews, oversight and reporting as well as Privacy Impact Assessments
  • Coordinate data collection, analysis and reporting for IT security data calls, Freedom of Information Act (FOIA) Requests, Incident reports
  • Excellent attention to detail
  • Excellent oral and written communication skills
  • Ability to work in a fastpaced, dynamic environment
  • Ability to interface with all levels of management
  • Ability to perform complex tasks with minimal supervision and guidance
  • Excellent time management, scheduling, and organizational skills
  • Ability to work well independently or in a team setting
  • Other duties as assigned

Required skills:

 

  • 16 years of IT security experience required
  • 10 years of Experience performing security audit work
  • 10 years of Exp. conducting FISMA, FISCAM audits and developing Systems Security Plans, Privacy Impact Assessments, Contingency Plans and certs (ATO/ATO,C&A)
  • 7 years of Strong knowledge of NIST Risk Management Framework
  • 7 years of Strong knowledge of Security Practices and processes
  • 7 years of Strong knowledge of Security Assurance, Controls and Compliance programs within the federal / DC space
  • 7 years of Knowledge and understanding of FISMA, NIST and SOC-2 information security standards
  • 7 years of Working knowledge of common IT security-related regulations and/or standards such as Sarbanes-Oxley and ISO highly desired
  • 7 years of Experience conducting security control assessments or audits
  • 7 years of Experience developing or managing a security awareness program
  • 7 years of SOC-2 audit experience from a major professional services firm highly desire
  • 7 years of At least one industry certification (e.g. CISA, CISM, CRISC, CISSP, ISAAP) highly desired
  • 7 years of Experiencing developing and maintaining security documentation and manuals
  • 7 years of Demonstrated competency in accurately identifying the scope of work and preparing thorough accurate and detailed schedule estimates
  • 7 years of Exceptional verbal and written communications skills with an ability to express complex technical concepts in business terms
  • 7 years of Solid teamwork and interpersonal skills
  • 7 years of Strong analytical problem-solving and conceptual skills proven through audit/compliance reports, risk identification and mitigation anresolutions
  • BS/BA in MIS, Computer Science, or Security

 

Contact the recruiter working on this position:



The recruiter working on this position is Rajendra Reddy
His/her contact number is +(1) (202) 4706751
His/her contact email is rajr@msysinc.com

Our recruiters will be more than happy to help you to get this contract.