Security Control Assessor (SCA)
Sedulous Quantico, VA
$140k-166k (estimate)
Full Time 6 Days Ago

Sedulous is Hiring a Security Control Assessor (SCA) Near Quantico, VA

The Level II Information Assurance (IT Security Specialist) will play a critical role in supporting the Cybersecurity and Infrastructure Security Agency (CISA) by conducting comprehensive Security Control Assessments (SCAs) of CISA's information systems. The primary objective is to identify, assess, and report on the security weaknesses and deficiencies within these systems, and to provide actionable recommendations for remediation.

Key Responsibilities:

  • Conduct SCAs for CISA's information systems to evaluate the effectiveness of security controls.
  • Initiate and lead system assessment kick-off meetings with system stakeholders.
  • Perform thorough testing and analysis of controls, vulnerabilities, and configuration management.
  • Document findings in Security Assessment Reports (SARs), recommending corrective actions.
  • Incorporate results from previous risk assessments, penetration tests, and vulnerability reports into the SARs.
  • Ensure SCAs meet the Risk Management Framework (RMF) timelines set by the government.
  • Develop and execute Security Assessment Plans (SAP) in line with DHS standards.
  • Perform independent security control assessments following NIST 800-53A, FedRAMP, and DHS standards.
  • Create executive summary reports and present findings to system stakeholders and executive leadership.
  • Provide detailed risk analysis and residual risk reports (RRR) from the DHS Information Assurance Compliance System.
  • Develop standardized control implementation language for CISA systems.
  • Reassess failed controls as required and support the federal lead in preparing reports and presentations.
  • Innovate and improve the assessment and authorization process to enhance security delivery.
  • Contribute to the development and maintenance of common control programs and minimum-security control baselines.
  • Maintain internal Standard Operating Procedures (SOP) for security assessments and support systems under Ongoing Authorization (OA).

Qualifications:

  • Minimum of eight (8) years of experience in IT security, specifically in information assurance and security control assessments.
  • Demonstrated experience with NIST 800-53A and DHS security standards.
  • Strong understanding of risk management and security assessment methodologies.
  • Excellent analytical, documentation, and communication skills.
  • Ability to present complex security findings to both technical and non-technical audiences.
  • Proven ability to innovate and improve processes within a security assessment context.
  • Experience working with DHS Information Assurance Compliance System or similar tools.

Preferred Qualifications:

  • Certified Information Systems Security Professional (CISSP) or equivalent certification.
  • Certified in Risk and Information Systems Control (CRISC) or equivalent certification.
  • Previous experience working with federal agencies utilizing Cloud Service Providers (CSP).

Sedulous is an equal opportunity employer and Vietnam Era Veterans Readjustment Assistance Act (VEVRAA) federal contractor. All qualified applicants receive consideration for employment without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity, protected veteran status, status as a qualified individual with a disability, or any other category protected by law. Infinity hires and promotes individuals solely on the basis of their qualifications for the job to be filled. Should an applicant require reasonable accommodations, please reach out to Sedulous.

Job Type: Full-time

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Health insurance
  • Life insurance
  • Paid time off
  • Vision insurance

Schedule:

  • 8 hour shift
  • Day shift
  • Monday to Friday

Experience:

  • NIST 800-53A and DHS security standards: 8 years (Required)
  • IT security: 8 years (Required)
  • specifically info assurance and security control assessments: 8 years (Required)

License/Certification:

  • CISSP (Preferred)
  • CRISC (Preferred)
  • CSP (Preferred)

Ability to Commute:

  • Quantico, VA (Required)

Ability to Relocate:

  • Quantico, VA: Relocate before starting work (Required)

Work Location: In person

Job Summary

  • Job Type: Full Time
  • Salary: $140k-166k (estimate)
  • Post Date: 06/04/2024
  • Expiration Date: 09/30/2024


The following is the career advancement route for Security Control Assessor (SCA) positions, which can be used as a reference in future career path planning. A Security Control Assessor (SCA) can be promoted into senior positions such as Information Security Analyst V, which are expected to handle more key tasks; people in this role are paid a higher salary than an ordinary Security Control Assessor (SCA).