716 – Security Assessment Team (SAT) Lead - Secret Clearance Minimum
Zeneth Technology Partners
Zeneth is looking for a Security Assessment Team (SAT) Lead that enjoys working in a highly collaborative, fast-paced environment to join our growing Federal Cybersecurity Practice. This is a vital role to help ensure the security of our nation’s infrastructure. If you have a passion and a desire to lead a team to help protect critical assets from cyber attacks, this role is perfect for you. In this role, you will lead a security assessment team that performs assessments in accordance with the NIST Risk Management Framework (RMF). You will act as the primary interface and lead for your team while also being an active participant in the assessment process while managing the delivery of staff assignments, as needed. This position will require occasional travel to other locations throughout the US and is located in Alexandria, VA.
Ideal candidates should possess the following skills and execute tasks as described below:
· 7+ years of experience conducting security assessments in accordance with the NIST RMF
· 7+ years of experience as a manager and leader
· Prepare SAP packages and conduct SAP activities for new and existing SBU information systems in accordance with all applicable Federal Regulations, organizational policies and procedures to include DoD, DHS, Intelligence Community Directive (ICD) and National Institute of Standards and Technology (NIST) 800 series.
· Prepare SAP packages for new and existing Classified systems in accordance with Department of Defense Instruction (DoDI) 8510.1 “Risk Management Framework (RMF) for DoD Information Technology (IT)”, and DHS policies for Committee on National Security Systems (CNSS).
· Prepare, upload and obtain validation for all SAP packages using customer approved risk management tools. (Xacta, eMASS)
· Assess, maintain, and update all Common Control Catalog(s) within the current risk management tool (Xacta, eMASS).
· Provide Security Control Assessment (SCA) support in accordance with NIST RMF.
· Conduct an independent assessment of the implemented security controls documented in the System Security Plan to ensure that the controls are in compliance with the Federal and organizational security requirements under DOD, DHS and NIST.
· Examine the following RMF Security Authorization (a.k.a. C&A) documentation as a part of the SAP effort to include System Security Plans, E-Authentication, Federal Information Processing Standards (FIPS 199) Security Categorization, Contingency Plans, Contingency Test Plans, Configuration Management Plans, and Plan of Action and Milestones (POA&M).
· Review Security Authorizations for expirations, re-authorization or identified as new systems.
· Provide a Requirements Traceability Matrix (RTM) to ensure that all security requirements are identified, specific details on how each security control is analyzed tested and the results.
· Evaluate the systems risk elements of all failed control tests to determine the recommended fix needed to mitigate the risk, safeguards to be implemented until the risk can be mitigated and the potential impact the identified risk poses to the system.
· Develop and publish a Risk Assessment documenting the results and analysis of the tests performed on the system.
· Develop and publish a Security Assessment Report documenting the results of the security control assessment and the effectiveness of the implemented security controls to include recommendations for correcting any weaknesses or deficiencies in the controls and the adjusted risk level of the system as a whole based on the analysis of the risk elements.
· Develop decommission packages in accordance with DHS and DoD Cybersecurity and FISMA policies and procedures.
· Review system security posture and provide recommendations for a system requesting Interim Authority to Test (IATT).
· Provide AO support in accordance with the NIST RMF.
· Provide recommendation for the approval/disapproval of a system to obtain its ATO.
· Provide Security Authorization Validation support in accordance with NIST RMF consisting of following RMF phases:
· Categorize Information Systems to include validating the accuracy and completeness of listed/defined project personnel, ISSO designation letters, system users, system boundaries, ports, protocols and services, system environments, e-Authentications, system data types and system securities.
· Implement Security Controls to include validating the accuracy and completeness of listed/defined system equipment groups, equipment inventory, software, hardware and firmware. The Contractor shall implement controls, the system security plan and ensure an official vulnerability scan has been ordered.
· Conduct a Security Assessment to include validating the accuracy and completeness of the security assessment plan and security assessment.
· Conduct a Risk Analysis to include validating the accuracy and completeness of the risk elements, risk assessment, security assessment report, system risk level, contingency plan and contingency plan test.
· Complete POA&M to include validating the accuracy and completeness of the POA&M elements and Privacy Threshold Analysis.
· Complete Component Document Review to include validating the accuracy and completeness of all published documents.
· Publish, submit and upload SAP and provide Transmittal letters to System Owners.
· Complete an Annual Contingency Plan and Test to validate key areas of the system.
· Complete an Annual Self Assessments to validate the key areas of the system.
· Ability to clearly convey results in formal technical reports and deliver briefings to senior client staff
· Identify and/or determine whether a security incident is indicative of a violation of law that requires specific legal action.
· Direct and/or implement operational structures and processes to ensure an effective enclave IA security program including boundary defense, incident detection and response, and key management.
· Examine enclave vulnerabilities and determine actions to mitigate them.
· Analyze IA security incidents and patterns to determine remedial actions to correct vulnerabilities.
· Provide support for IA customer service performance requirements.
· Provide support for the development of IA related customer support policies, procedures, and standards.
· Provide OJT for IAT Level I and II DoD personnel.
· Analyze IAVAs and Information Assurance Vulnerability Bulletins for enclave impact and take or recommend appropriate action.
· Demonstrates exceptional troubleshooting methodology and solving problem skills
· Prior military experience in an active duty, reserve or support contractor role is highly preferred
· Bachelor of Science degree in Computer Science, Management Information Systems, or a field related to technology or equivalent. Additional experience can be substituted for a degree.
· Active security certifications at both the DoD 8570 IAT Level III (e.g., CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH and CSSP-AU (e.g., CEH, CySA+, CISA, GSNA, CFR) levels.
· Excellent verbal and written communication skills with the ability to communicate clearly and effectively based on the audience
· Candidates should already have an active Secret security clearance at a minimum with the ability to upgrade to TS/SCI if required
· Works well in a team environment
Zeneth is an Equal Opportunity Employer (EOE), qualified applicants are considered for employment without regard to age, race, color, religion, sex, national origin, sexual orientation, disability, or veteran status.