We are looking for an Information Security Specialist to join our team on an upcoming cyber security program supporting our federal client.

Responsibilities Include:

• Risk Management and Information Security Continuous Monitoring (ISCM) and System Security Support:
  • Create and present Risk Management Framework (RMF) briefings for existing information systems requiring Authorization to Operate (ATO) renewals.
  • Conduct Security Impact Assessments (SIA's) to determine if proposed changes to information systems warrant a new Assessment & Authorization.
  • Continuous Monitoring reporting based on the Continuous Diagnostic and Mitigation (CDM) program.
• Plan of Action and Milestones (POA&Ms) and Interconnection Security Agreement (ISA):
  • Creation, monitoring, closing, and reporting POA&Ms.
  • Enter POA&Ms, received via email, into Xacta with a Weakness Completion Verification Form (WCVF) routed to the lead responder within 3 days of receipt.
  • Schedule working sessions to ensure dates for completion are on target and to assist with recommending mitigation efforts, when needed.
  • Process POA&Ms received by the POA&M support desk for further routing within 3 days of signature. Processing includes further routing for signature or documentation updates, scanning, and filing in Xacta.
  • Assist with the analysis and interpretation of risks associated with scan results as they pertain to individual systems within 3 days of receiving results.
  • Creation and modification of Interconnection Security Agreements (ISA) documentation will be completed by provided deadlines for projects and SLAs.
  • ISA documentation for all customers to be reviewed and modified as necessary within 365 calendar days of previous update cycle.
  • Automate the POA&M management through system to track status, report, and escalate issues.
  • Automate notifications to POA&M responsible individuals and Assessors.
• Technical Continuous Monitoring:
  • Support Information System Security Officer(s) (ISSO) with technical assessment and Information System analysis in accordance with the customer's risk management framework.
  • Monitor and report technical security controls in accordance with the customer's Continuous Monitoring plan/strategy.
  • Evaluate, interpret, and incorporate new customer and NIST technical control standards into information system boundaries as control standards are published.
  • Perform Quality Assurance support on Information Systems Security controls.
  • Support non-standard technical requests that impact the System or multiple customers, within one (1) business day.
  • Ensure that Personally Identifiable Information (PII) events associated with the Information System boundaries are reported to the Computer Incident Response Center (CIRC) within 1 hour in accordance with the Privacy Breach Response Plan.
  • Ensure that Vulnerability and/or Compliance scans/reports are processed in accordance with the Continuous Monitoring plan/strategy.
• Update Risk Management Standard Operating Procedures (SOP's) as needed.

Required Qualifications, Experience, and Skills:

• Must be a US Citizen able to obtain an agency-specific Public Trust clearance prior to starting.
• 3 years of specialized experience in Cybersecurity or Compliance.
• Must reside within a commutable distance of Lakewood, CO to work onsite as required.
• Significant knowledge in National Institute of Standards and Technology (NIST) Special Publications.
• Significant knowledge in the Federal Risk and Authorization Management Program (FedRAMP).
• Significant exposure to the various cloud platform offerings.
• Experience with Xacta.

Preferred:

• CISSP, CCSP, CIPP, CAP, CASP/GSLC/CISM/CSM or other industry standard security certifications

Cyber Security Innovations (CSI) is an equal opportunity employer committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. As a veteran-friendly employer, we encourage military veterans to apply.

This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. CSI makes hiring decisions based solely on qualifications, merit, and business needs at the time.

CSI participates in the E-Verify Employment Verification Program.