Job Information
Steampunk Security Control Assessment (SCA) Analyst in McLean, Virginia
Overview
Steampunk is a proven, results-focused cybersecurity, management, and information technology services firm committed to support federal agencies that focus on protecting and defending our nation’s homeland security, intelligence, and stability. In a rapidly changing threat landscape, we have the organizational agility, deep homeland security experience, cultural insight and multidisciplinary expertise to help our customers accomplish today’s mission and anticipate tomorrow’s demands, efficiently and cost-effectively.
Steampunk professionals work with our federal agency customers in the administration and oversight of large government programs and initiatives. As a member of one of our DHS support teams, you will play an important role performing a wide array of security compliance and oversight tasks to successfully accredit and maintain accreditation of critical information systems.
Contributions
As a member of one of our DHS support teams, you will play an important role performing a wide array of Cybersecurity duties including:
Assess the organization’s existing IT security program, work products, and tools in relation to key agency mission, security goals, and objectives.
Develop, engineer and implement sustainable security solutions designed to address program gaps.
Assess and articulate risk in relation to mission/business objectives and processes.
Document security processes and status in support of security authorization (also referred to as C&A or A&A) activities.
Qualifications
Required Qualifications:
Possesses and applies expertise on multiple complex work assignments which are broad in nature, requiring originality and innovation in determining how to accomplish tasks.
Has the ability to apply a comprehensive knowledge across key tasks and high impact assignments.
Plans and leads major technology assignments.
Evaluates performance results and recommends major changes affecting short-term project growth and success.
Functions as a technical expert across multiple project assignments.
Must have 5 years of IT experience (inclusive of 1 year of Cybersecurity experience) if you hold a BS or Master’s Degree in an IT field.
Or, 7 years of IT experience (inclusive of 3 years of Cybersecurity experience) if you hold a BS in a non-IT field.
Or, 9 years of IT experience (inclusive of 5 years of Cybersecurity experience) if you do not have a degree.
Possesses at least one professional certification relevant to the technical service provided. Maintain a certification relevant to the product being deployed and/or maintained. Professional certifications must be approved by the FPM or FDPM
Must be a U.S. Citizen
Preferred Qualifications:
Familiarity with one or more of DHS Directive 4300A, FIPS Pubs 199 & 200, and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, 800-60
Experience as an Information System Security Officer (ISSO)
Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring
Experience with POA&M management
Experience performing Security Authorization
Experience performing Risk Analysis and Assessment
Experience with XACTA or similar tool
CAP or CISA
Should be able to support a minimum of four of the areas listed:
Security Control Assessment
Security Code Analysis
Product Evaluation
Document Review and Security Technical Writing
Risk Assessment and Risk Management
Policy and Audit Services
5 or more years directly supporting security of IT systems
Demonstrated capabilities performing the following:
Ensuring the automated monitoring of information system assets through Continuous Diagnostics and Mitigation (CDM) tools and sensors;
Maintaining an asset inventory of hardware and software within the program/development offices or field site facility;
Ensuring that security requirements for the assigned major application or general support system are being or shall be met;
Ensuring that requests for Security Authorization (SA, also commonly referred to as Assessment & Authorization or Certification and Accreditation) of assigned major application or general support systems are completed in accordance with the published procedures;
Coordinating the development of a Contingency Plan and ensuring that the plan is tested and maintained;
Ensuring risk analyses are completed to determine cost-effective and essential safeguards in alignment with government and industry best practice (e.g. NIST 800-30, 37, 39);
Ensuring preparation of security plans for sensitive systems and networks;
Reporting IT security incidents (including computer viruses) in accordance with established procedures;
Reporting security incidents not involving IT resources to the appropriate security office; and representing the security team as part of change management for assigned information systems.
About steampunk
Steampunk relies on several factors to determine salary, including but not limited to geographic location, contractual requirements, education, knowledge, skills, competencies, and experience. The projected compensation range for this position is $100,000 to $150,000. The estimate displayed represents a typical annual salary range for this position. Annual salary is just one aspect of Steampunk’s total compensation package for employees. Learn more about additional Steampunk benefits here.
Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology , we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee owned company , we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com .
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.
Refer a Friend (https://careers-steampunk.icims.com/jobs/5732/security-control-assessment-%28sca%29-analyst/job?mode=apply&apply=yes&in_iframe=1&hashed=-336029103)
Need help finding the right job?
We can recommend jobs specifically for you!
Job Location US-VA-McLean
Posted Date 2 months ago (10/21/2024 9:49 AM)
Job ID 5732
Clearance Requirement Public Trust