Information Security Specialist

POSITION OVERVIEW

GAMA-1 Technologies, LLC is seeking a highly motivated, customer-oriented Information Security Specialist to join our team. Our Team supports NOAA/NWS Enterprise-Wide Security Services Support contract. The candidate will be based at the Silver Spring Metro Complex (SSMC2), 1325 East-West Highway, Silver Spring, MD, 20910.

Candidate will assist in the conduct of the Annual Security Assessment & Authorization (SA&A) process for all moderate- and high-impact information systems within the NWS Enterprise using NIST-based security models (Risk Management Framework (RMF) and Continuous Monitoring (CM)). A wide degree of creativity and latitude is expected.

Candidate must have hands-on experience conducting annual security control assessments and/or leading assessment teams. Candidate must have extensive knowledge of and experience with NIST 800-series publications, with emphasis on current versions of SP 800-37, 800-53, and SP 800-53A. Professional communications skills, both oral and written, are required.

KEY DUTIES (Not limited to)

• Travel is required, and will include travel to various NWS sites distributed across the coterminous United States, Hawaii, and Alaska. Travel is estimated at 6-8 trips of one-week duration per year.
• Conducting annual security control assessments in accordance and compliance with policies and procedures provided by DOC/NOAA/NWS. Systems under assessment include all moderate- to high-security categorization systems in the NWS enterprise. Security assessments are to be conducted in accordance with NIST-based processes as defined in current versions of SP 800-37, SP 800-53, and SP 800-53A.
• Assisting in developing preliminary risk/vulnerability analyses and documenting results of the assessment process, including Security Assessment Plans (SAPs), Security Control Assessment (SCA) Spreadsheets, Vulnerability Assessment Reports (VARs), Security Assessment Reports (SARs), and Authorization Out-Brief Presentations.

ESSENTIAL QUALIFICATIONS

• Proficiency in Microsoft Office suite (Word, Excel, PowerPoint, Visio, and Project)
• Must be organized, timely, and customer service oriented
• Ability to work well independently and in a team setting
• Adaptability, flexibility and ability to deal with ambiguity and change
• Excellent verbal and written communication skills
• Excellent attention to detail and good analytical skills

REQUIRED TECHNICAL SKILLS:

• At least four (4) to six (6) years of relevant experience required
• Utilization of scanning products such as: Nessus, Retina, Core Impact
• Knowledge of security best practices such as defense in-depth, least privilege, access controls, encryption
• NIST 800-37 experience
• Experience with NIST SP 800-53 and SP 800-53A (Revision 4 preferred)
• Experience with FISMA A&A continuous monitoring
• Experience with providing FISMA Vulnerability and Compliance Scanning
• Experience with SA&A Core Documentation development (i.e., SAP, SCA, VAR, SAR)
• Experience in assessing and maintaining moderate- to high-impact information systems
• Experience with Automated Reporting Tools, e.g., Cyber Security Assessment and Management (CSAM) or Trusted Agent FISMA (TAF)
• Plan of Action and Milestone (POA&M) Management
• Experience with System and Network administration

DESIRED CERTIFICATIONS (at least one)

• CISM, CISSP, CISA, CAP, CRISC, GSNA

EXPERIENCE AND EDUCATION

• Bachelor’s Degree in Computer Science or related field (i.e., EE, CPE, MIS, IT)
• Proficiency in Microsoft Office suite (Word, Excel, PowerPoint, Visio and Project)
• Strong verbal and written communication skills
• Must be organized, timely, and customer service oriented
• Ability to work well independently and in a team setting
• Adaptability, flexibility and ability to deal with ambiguity and change
• Excellent oral and written communication and customer service skills
• Excellent attention to detail and good analytical skills
• ITIL v3 Foundation Certification, or ability to obtain certification within 6 month
• US Citizenship
• Ability to obtain and maintain a government security clearance

GAMA-1 is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind