Business Performance Systems logo

Senior Information Security Specialist

Business Performance Systems
Full-time
On-site
Washington, District of Columbia, United States
$117,000 - $129,000 USD yearly

Job Description


Summary


Join a stable and growing company on a long-term Federal project with variety and interesting challenges. Bring your extensive knowledge and experience in delivering security administration support to data centers which includes incident reporting, planning, standards compliance, platform configuration management, cyber security vulnerability tracking, and secure user access and management. Exercise your expert knowledge of information system security and federal risk management framework in an environment that provides autonomy and flexibility, on a project that respects, utilizes, and develops your expertise. Work in a small team of technical and program support consultants for a large federal agency.


Workplace choice either Washington DC, Reston, VA, or Lakewood, CO. Limited Telecommuting. Top salary for highly qualified candidates.


NO PHONE CALLS, PLEASE.


Responsibilities



  • Map and implement necessary defined security controls as they relate to the agency infrastructure on agency owned devices.

  • Develop, implement and maintain security documents such as:

    • System Security Plans (SSP)

    • Risk Assessments

    • Risk Acceptance documentation

    • Security Impact Analyses

    • Contingency Plans

    • Incident Response Plans

    • Plan of Actions & Milestones (POA&M)

    • Independent Security Assessment (ISA)

    • Memorandum of Understanding (MOU)

    • Service Level Agreements (SLA)

    • Assessment & Authorizations (A&A)



  • Provide input to auditors, to include providing artifacts to support current configurations

  • Assess existing systems, applications, tools in addition to existing security processes for security implications and recommend improvements to strengthen security posture based on assessment.

  • Conduct continuous monitoring to include maintenance of current ATO, monitoring compliance, conducting assessments, conducting periodic scans, auditing events and review of audit logs, ensuring media is properly secured before transit or sanitized before disposal.

  • Provide recommendations to the agency on methods to minimize security impacts of new requirements, technologies in accordance with policies, federal laws & mandates.

  • The contractor will coordinate/facilitate meetings and regular interaction with System Owner, agency IT Security personnel, data center personnel, change control board personnel and data center end users providing technical and non-technical security-based expertise, guidance and documentation.

  • Develop, communicate, and enforce security policies, procedures and safeguards for all systems and staff, based upon Data Center and other government standards.


Qualifications - Required



  • BA/BS

  • 6+ years of experience

  • Minimum of 4 years direct full-time experience conducting security assessments and developing all deliverables within a system authorization package.

  • Must have knowledge of hybrid (on-premise & cloud) data center environments to include evaluation and guidance on security control implementation on network, storage, server (Windows, Linux, Oracle) and platform (Microsoft Hyper-V and Azure Preferred).

  • Must have direct experience developing IT security policies, architectures, and standard operating procedures with a strategic perspective.

  • Extensive knowledge of and practical experience with implementing standard methodologies used in the Risk Management Framework

  • Must have detailed and extensive experience with implementing, evaluating, and documenting all technical, management, and operational security controls as defined by the NIST SP 800-53 (as amended).

  • Expert-level knowledge and experience with NIST guidelines and industry best practices for: Risk Assessment and Management, Vulnerability Analysis, Contingency Planning, Disaster Recovery, Configuration Management, Security Assessments and developing Mitigation Plans.


Qualifications - Highly Desired



  • Bachelor's in computer science, Engineering, Technology or a related field

  • CISSP


Compensation



  • $117,000 - $129,000/yr, based on capability and experience


Other



  • Location: Washington, DC metro area and/or Lakewood, CO

  • Telecommuting: Limited

  • Hours: Full Time




About BUSINESS PERFORMANCE SYSTEMS


Business Performance Systems is a successful, well-established small business composed of skilled consultants supporting high-priority government projects. We provide our staff with a great degree of autonomy and growth potential in a company that combines the entrepreneurial environment of a small business with the maturity and financial stability of a large company. We offer competitive salaries and a comprehensive benefits package. Learn more about us at www.BPSconsulting.com.


Business Performance Systems is an equal opportunity employer.