Senior Security Analyst
Location: Fairfax, VA
* Provide Security Guidance and function as a Subject Matter Expert on the National Institute of Standard and Technology (NIST) Special Publication (SP) 800 series and Veteran Administration 6500 Handbook.
* Design secure system architectures by incorporating industry best practices and information systems technologies that are available and meet automated information system security requirements.
* Gather required information to support system Authorization to Operate (ATO) by organizing technical working groups, conducting fact-finding interviews, attending system demos, assessing system security categorization levels, establishing system security control baselines, and controlling implementation.
* Lead a team that works with Enterprise, Regional and Facility system owners and Information Security Officers to obtain and maintain authorizations to operate.
* Develops and updates annually the following system security documentation: System Security Plan (SSP), Information System Contingency Plan (ISCP), Privacy Impact Assessment (PIA), Incident Response Plans Disaster Recovery Plans, Risk Analysis, Privacy Impact Analysis.
* Reviews, monitors, and reports Plan of Action and Milestone (POA&M) status to all stakeholders and follows up with appropriate personnel to ensure that POA&Ms are remediated and reported in a timely manner to the POA&M Manager. Specific to NIST Special Publications 800-37, 800-53, 800-34, 800-84, FIPS, and VA Handbooks 6500, 6500.8: plan, analyze and evaluate the effectiveness of systems network security, coordinate with program team members to gather and validate data, use qualitative and quantitative analytical skills to assess the effectiveness of the operations.
* Create plans to assure effective management, operations, and maintenance of systems and/or networks.
Requirements for the Position:
* Bachelor’s Degree in Computer Science, electronics engineering or other engineering or technical discipline is required prefer Master’s Degree.
* 5 years of experience in medium to large enterprise systems managing access.
* 8 years of additional relevant experience may be substituted for education.
* Certifications - CISSP (highly desired), CISA, CAP.
* Excellent problem solving and analytical skills.
* Ability to work across multiple disciplines.
* Ability to work closely with customers and provide presentations.
* Ability to work independently with minimal supervision while providing direction and direct supervision to a team of information security professionals.
* Ability to coordinate multiple activities across geographically dispersed teams.
* Clear understanding of NIST Based IT Security Controls.
* Required experience with Certification and Accreditation process.
* Experience with Disaster Recovery Planning, Contingency Planning, and Continuity of Operations Planning.
* Experience navigating and reviewing documentation in Risk Vision Strong organizational and interpersonal skills.
* Experience generating system security related documents (e.g. ISCP, DRP, IRP, SSPs).
* Excellent written and verbal communication skills.
* Strong working knowledge of MS Suite; Word, Excel, PowerPoint, Project, Lync.
* Prior working knowledge of Veterans Administration security practices, policies, and procedures (Desired).
* Candidates must be US citizens and will be required to undergo a background investigation.
Travel up to 25% required with occasional travel of 2 weeks in a month possible. All travel during business days\hours Monday through Friday, not to exceed 40 hour work week.