APPLICANTS SELECTED WILL BE SUBJECT TO A GOVERNMENT SECURITY INVESTIGATION AND MUST MEET ELIGIBILITY REQUIREMENTS FOR ACCESS TO CLASSIFIED INFORMATION. TOP SECRET CLEARANCE IS REQUIRED WITH THE ABILITY TO GET SCI.
ROLE AND RESPONSIBILITIES:
* Ensure that assigned information systems are operated, maintained and disposed of in accordance with approved security policies and practices
* Ensure that system security requirements are addressed during all phases of the IS lifecycle.
* Develop and maintain Security Authorization (SA)/C&A documentation, including SSPs, CONOPS, ST&E reports and other system security documentation; conduct reviews and update security documentation, e.g. review and update the SSP at least annually for all assigned systems
* Author or coordinate the development of other required system security documentation: Configuration management (CM), Contingency Plan (CP), Continuity of Operations (COOP), Disaster Recovery Plan (DR) and Incident Response Plan (IRP).
* Support risk assessment and evaluation activities throughout the system's lifecycle.
* Implement a strategy for continuous monitoring for assigned systems, including establishing system audit trails and ensuring their review, reporting all identified security findings and initiating the periodic review of security controls
* Request or conduct required information system vulnerability scans in accordance with established policy; develop system POA&Ms in response to reported vulnerabilities
* Ensure compliance with annual FISMA deliverables and reporting.
* Investigate any information technology or system security incidents
* Assess and mitigate system security threats/risks throughout the program life cycle; determine/analyze and delineate security requirements at a level of detail that can be implemented and tested; review and monitor security designs in hardware, software, data, and procedures; perform system security authorization (SA)/certification and accreditation (C&A) planning and testing and liaison activities; support secure systems operations and maintenance.
* Perform security engineering analysis, risk and vulnerability assessment, etc. Monitor and analyze security functional tests.
QUALIFICATIONS AND EDUCATION/CERTIFICATION REQUIREMENTS:
* B.S. degree required and 5 or more years in InfoSec (2 year min. of FISMA-related experience).
* CISSP is required.
* Leadership experience desired.
* Knowledge of information security engineering, design concepts and principles.
* Knowledgeable about Systems Development Lifecycle (SDLC) methodologies and continuous monitoring activities
* Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/reports) to all levels of management.
* Demonstrated experience conducting information system security controls assessments (SCAs) and applying standard auditing techniques during system security controls assessments, including the proper interpretation of the control requirements, determining if the artifacts provided are sufficient, and recommending remedial actions to the customer to ensure compliance
* Demonstrated experience writing information system security documentation (SSPs, POA&Ms, PTAs, PIAs, CMPs, CPs and IRPs).
* Extensive knowledge and experience with information security standards, policies and practices - NIST (800-53 rev4), FISCAM, FISMA, DOD, DCID, FBI, etc.
* Ability to research and address information security issues as required, being an authority on the subject.
* Must be a team player with "can do" attitude. Self-starter; must be able to work independently with initiative and innovation.
* Well versed in using vulnerability assessment tools (NESSUS, AppDetective, etc.) and analyzing the results generated from these assessments
* Proven ability to multi-task and deliver on-time with the highest quality
* Exceptional interpersonal, verbal, and written communication skills, with the ability to collaborate well across teams and organizations, including interactions with senior-level executives. Candidates must be fluent in the English language.
* Candidates may be asked to provide a writing sample.
KCG is offering every candidate we speak with a chance to earn $2,500 if they refer someone who we hire. If we hire your referral, we will send you a check within 30 days of your referral's start date.