
Website Y-12 National Security Complex
Job Description:
The Cyber Security Professional is responsible for the Assessment and Authorization (A&A) of Federal information systems, as well as the development of accreditation and other required cybersecurity documentation for new and existing systems. Additionally, this person will utilize various network tools for continuous monitoring of Information Technology (IT) assets. This role includes responsibilities of the Information System Security Officer (ISSO) and/or the Security Control Assessor (SCA) for classified and unclassified IT systems. Candidates are expected to have an understanding of the NIST Risk Management Framework (RMF) and the various supporting elements. Successful candidates for this role will be expected to stay up to date on the latest cybersecurity risks and threats, as well as work with technology subject matter experts (SMEs) to develop risk assessments and the proper mitigations.
Job Responsibilities:
- Perform other duties as assigned
- Perform continuous monitoring of Information Technology (IT) assets
- Development of accreditation and other required cyber security documentation for new and existing information systems
- Develop risk assessments and the proper mitigations
- Conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within, or inherited by, an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37)
- Assessment and Authorization (A&A) of Federal information systems
- This role includes responsibilities of the Information System Security Officer (ISSO) and/or the Security Control Assessor (SCA), for classified and unclassified IT systems
Job Requirements:
- Knowledge of laws, regulations, policies, and ethics as they relate to cyber security and privacy
- Knowledge of NIST 800-53/53A security controls
- Knowledge of computer networking concepts and protocols, and network security methodologies
- FedRAMP and Cloud compliance experience
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Knowledge of Risk Management Framework (RMF) best practices
- Knowledge of database systems
- Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- Knowledge of Security Assessment and Authorization process
- Knowledge of Application Security Risks
- Knowledge of cyber security and privacy principles
- Security+, CEH Certification or CISSP Certification
- Ability to present administrative, technical, and operational information clearly and effectively through the oral and written word as well as diagrams and charts
- Experience with RMF in the DOE Community
- Knowledge of Personally Identifiable Information (PII) data security standards
- Knowledge of cyber threats and vulnerabilities
- Knowledge of authentication, authorization, and access control methods
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
- Ability to assess and provide written assessments of A&A packages.
Job Details:
Company: Y-12 National Security Complex
Vacancy Type: Full Time
Job Functions: Others
Job Location: Amarillo, TX, US
Application Deadline: N/A