Senior Information Security Professional
LightFeather.io, LLC is hiring senior information security professionals to work on our team supporting the Department of Homeland Security (DHS). This is a long-term project located in Washington, DC. In this position, you will work in a collaborative environment as part of an integrated team consisting of resources from DHS, LightFeather and others.
All candidates must demonstrate a high degree of initiative, passion for innovation, a solid understanding of information security, and a willingness to work in a highly collaborative security culture. If accepted for a position with LightFeather.io, LLC, you will be joining a team that embraces agile security methodologies with an emphasis on automation, continuous monitoring and innovative security.
- Perform error-free, independent compliance reviews, tracking, and continuous monitoring of newly submitted Security Authorization packages.
- Advise and assist the Government System Owner with the Lifecycle SA process and develop a Systems Security Plan (SSP).
- Monitor and track projects in the SA test queue.
- Maintain a document repository where SA project documentation is stored.
- Work closely and act as the system liaison with developers to identify the appropriate certification/approval processes and authorities.
- Record/register actions concerning project approvals to operate in the SA database.
- Read and analyze SSPs and develop understanding of systems and applications into security test plans.
- Coordinate and lead SA actions and system testing with appropriate security personnel.
- Develop Risk Assessment (RA) reports.
- Take the lead in assembling and submitting SA packages to Principal Accreditation Authority/Designated Accreditation Authority (DAA).
- Review IA Compliance Validation Tests and Reports.
- Prepare and review error-free Vulnerability Remediation Plans (RP)
- Act as SA project register, managing the SA registration process
- Take the lead in managing and maintaining a document repository where SA project documentation is stored
- Act as a leader and mentor to junior ISSO team members
- 15+ years of experience in information security, with a concentration on SA and ISSO responsibilities as they apply to the US Government, or 8+ years and a Master’s degree in Cyber Security
- Extensive experience developing A&A packages, FISMA and NIST
- Active Secret level security clearance
- At least one Advanced Security Certification (e.g. CISSP, Security+, CISM, etc.)
- Must possess demonstrated experience in all phases of preparing and reviewing complete Security Authorization packages for information technology systems and/or applications as defined by the Federal Information Security Management Act of 2002 (FISMA) and implemented by the guidance of the National Institute of Standards and Technology (NIST)
- Experience with Nessus, WebInspect, IP360 or similar tools
- Be able to communicate effectively through written and verbal means to co-workers and senior leadership
- Be able to effectively manage multiple tasks simultaneously; coordinating and ensuring scheduled goals are met
- Be prepared to take full responsibility for the performance of IA Compliance Validation Tests, reports, and tracking
- Be prepared to offer security-related guidance on business processes, emerging technology and acquisitions, and vulnerability assessments/mitigation approaches
- Be able to work well with collateral engineers, analysts and managers on related programs
- Be able to conduct effective and error-free vulnerability assessments of networked and stand-alone information systems to the extent of conclusively validating all technical controls found within NIST SP 800-53R3, as well as other DHS requirements
- Take full ownership of system security and meeting deadlines
- Be prepared to assume a leadership role and assist the onsite PM in the day-to-day management of the ISSO team
- Ability to mentor junior staff
- Provide guidance to engineers, analysts and managers on related programs
- Possess a B.A. or B.S. degree in related field.
- Ability to conduct effective, error-free vulnerability assessments of networked and stand-alone information systems to the extent of conclusively validating all technical controls found within NIST SP 800-53, as well as other DHS requirements.
- Ability to act as a trusted consultant and offer security-related guidance on business processes, emerging technology and acquisitions, and vulnerability assessment/mitigation approaches.
- Extensive knowledge of DHS security requirements (i.e. DHS 4300).
- Be a Subject Matter Expert (SME) in the fields of NIST publications, FISMA requirements and reporting, privacy data identification and handling, security engineering, certification and accreditation (C&A) procedures, security architecture, vulnerability assessments, computer forensics, computer network defense, and policy development.
- Team LightFeather's ideal candidate is a cyber leader who will thrive in a fast-paced environment that demands accountability from each team member.