• jobs
  • 1 week ago

jobs description

ISHPI is a recognized industry leader in providing Cybersecurity support and consulting services to our Federal agency and Department of Defense partners. In this, we specialize in developing and performing Cybersecurity Engineering and Operations processes and activities to ensure systems and services achieve and maintain adequate levels of compliance and operational security posture throughout... all phases of their lifecycle. We are currently seeking cybersecurity professionals for positions in the Suffolk VA area supporting the Internal Revenue Service.
• Serve as Security Controls Assessors for formal Security Test and Evaluation, Conduct of Security Certifications of systems/networks/sites assessing security control compliance, providing guidance regarding remediation and mitigation of identified vulnerabilities, all security domains.
• Support to the Security Assessment and Authorization (SA&A) Risk Management Framework tasks for all managed systems, networks, and enclaves (all security domains); ensure validity and accuracy review of all associated documentation.
• Conduct in-depth security reviews and assessments of deployed and proposed security control implementations for systems and applications hosted in CSP environments such as AWS, Azure, Google etc.
• Documenting test case findings from completed Risk and Vulnerability Assessments (RVA) within Requirements Traceability Matrixes (RTMs) and Security Assessment Reports (SARs).
• Reconciling system categorization and information types against NIST 800-53 and agency specific security control overlays to identify final security control baselines.
• Understand and analyze CSP SSPs and provided inherited controls and updating and tailoring system security control implementations to meet the customer requirements.
• Knowledge of current NIST RMF and FedRAMP SA&A approaches to ensure that assessment plans and packages are executed and constructed in alignment with FedRAMP PMO requirements.
• Provide guidance on the application of security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements, reviewing and determining the adequacy of required documentation.
• Develop and update organizational SA&A requirements, document templates, procedures, and policies for cloud-based systems and applications.
• Provide support for management and maintenance of assessment and authorization repositories.

Key Skills
• Understanding of architecting and securing applications in the cloud.
• Strong familiarity with migrating applications to the cloud.
• Strong familiarity with National Institute of Technology (NIST) Information Security Documents.
• Experience executing the NIST Risk Management Framework (RMF).
• Experience developing and promulgating Security Assessment Plans and POAMs
• Experience interpreting and evaluating implementations of NIST 800-53 rev 4 security controls.
• Experience in analysis of IA requirements, IA architecture design, IA audit tools and IA compliance for operational/mission systems.
• Implementing Risk Management Framework (RMF) in high-risk network environment
• Practices and methods of IT strategy, enterprise architecture and security architecture

• Bachelor's Degree in Computer Science, Software Engineering, Systems Engineering, Information Systems or a related technical discipline with 5+ yrs. of related work experience ; an additional 4 years of work experience may be substituted in lieu of a degree
• Excellent written and oral communication skills a must, with the ability to work independently or as a member of a team; must be comfortable working with personnel on all levels of an organization
• Current DoD 8570 IAT III certification preferred or be able to obtain within 90 days of start date
• Specialized Expertise
• RMF and ISCM related system assessment and monitoring tasks including general Federal agency FISMA and FedRAMP security assessment and compliance reporting requirements.
• Familiarity with Ongoing Authorization/Continous Mitigation OA/CM
• Other Applications
• ComplyVision/ACE or other C&A tool or workflow such as IACS/XACTA, eMASS etc
• System Platforms
• Microsoft Windows
• Linux E
• Primary Databases
• Microsoft SQL

Clearance Requirement Selected candidate must a U.S. Citizen and be able to obtain and maintain required Department of Treasury background clearance. Individuals with a current or former Dept of Treasury clearance within the last 6 months or less are preferred.

“Ishpi Information Technologies, Inc. is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, disability, or status as a protected veteran.”

Pay Rate

The annual base salary range for this position is $120,000 - $125,000 . Please note that any salary information disclosed is a general guideline only. Ishpi considers factors such as (but not limited to) scope and responsibilities of the position, candidate's work experience, education/ training, key skills as well as market and business considerations when extending an offer.

Expression of Interest By applying to this job, you are expressing interest in this position and could be considered for other career opportunities where similar skills and requirements have been identified as a match. Should this match be identified, you may be contacted for this and future openings.
• cj
United States


Apply - Information Systems Security Analyst (Remote) United States