Jul 17, 2018
Security Analyst, Senior IOSS 061
Location Austin TX
LABOR CATEGORY DESCRIPTION:
A Security Analyst has experience in the concepts, terms, processes, policy and implementation of information security. Must have experience and knowledge of the latest security measures at all stages of an information system life cycle. Must have the ability to solve complex problems involving a wide variety of information systems. Must be able to understand and differentiate between critical and non-critical systems and networks.
The Contractor shall provide 24x7x365 support as required to the Information Assurance Service Line, which provides support for Assessment and Authorization (A&A) processes and Continuous Monitoring for 300+ Minor and Major applications serving ITOPS IO datacenters as well as expanding Major application support for Other Government Agencies. Technically, all 300+ A&As are continuously ongoing year round and are part of continuous monitoring.
Contractor shall ensure the Contractor-provided analysts maintain subject matter expertise at the level of a Certified Authorization Professional (CAP®) on related criteria and guidance such as the Federal Information Security Management Act (FISMA), NIST Special Publications, OMB Memoranda, the Privacy Act, HIPAA, applicable VA directives and handbooks IAW 2.0, and local directives and handbooks.
The Contractor shall:
1. Experience using governance, risk and compliance tools. Research and gather data relevant to the development of security artifacts through multiple techniques such as interviews or the use of automated tools and data repositories (e.g. CA SDM, Agiliance Risk Vision Governance Risk and Compliance tool, SharePoint, Vulnerability
2. Develop and maintain A&A security artifacts and supporting documentation that meet all applicable FISMA, NIST, VA and ITOPS IO criteria, to include:
a. System Security Plan
b. Contingency Plan
c. Risk Assessments
d. Privacy Impact Assessment
e. Privacy Threshold Analysis
f. Incident response plan
g. Configuration Management Plan
h. Security Configurations Checklists
i. Interconnection Security Agreements
j. Security Impact Analysis
3. Act as the customer liaison for A&A processes and related requirements, providing timely, courteous and informative customer service.
4. Coordinate and monitor the progress of vulnerability scanning and compliance testing from NSOC and ITOPS IO Technical Security.
5. Monitor changes to the application such as key stakeholders, hardware, software and hosting environment using provided tools such as CA Service Desk Manager. Monitor flaw remediation using tools such as the Nessus Enterprise Web Tool (NEWT).
6. Analyze and recommend to COR/ITOPS IO VA PM(s) information assurance policy guidance to disseminate to both internal and external customers. Any IA policy guidance changes shall be approved by the COR/VA PM prior to any dissemination.
7. Assess security controls for annual FISMA self-assessment testing through interviewing stakeholders, documentation review, analyzing scan results, and reviewing other audits/reviews for applicable findings.
8. Provide status updates as requested to COR/VA PM(s).
9. Act as liaison to the customer to provide audit support for both internal and external audits and reviews.
10. Review and respond to customer audit requests provided through COR/VA PM(s).
11. Periodically perform user-acceptance testing of the tools and features within the Agiliance Governance Risk and Compliance (GRC) tool utilized for A&A processes.
12. Perform user-acceptance testing of Standard Operating Procedures and Job Aid materials that are used internally by the Information Assurance Service Line staff.
The work includes developing and updating A&A security artifacts such as security plans, contingency plans, risk assessments, privacy impact assessments, incident response plans, configuration management plans, configuration checklists, and interconnection security agreements. It also includes continuous monitoring, self-assessment testing, and audit and compliance support.
Steady employment with no lapses between jobs
Experience with governance, risk and compliance tools
NIST 800-53 experience
FISMA compliant Assessment and Authorization experience
Certification and Accreditation experience
Knowledge of emerging trends in IT, and how they relate to IT security (cloud computing, mobile computing, virtualization, PCI and SOC compliance)
Advanced knowledge of SIEM, FIM, DLP, IDS/IPS, firewall and anti-virus/malware solutions
Advanced knowledge of information security principles and practices: security risk assessment standards, risk assessment methodologies, and vulnerability assessment
Experience implementing policies, procedures and practices to meet PCI requirements
Risk Management Framework experience
CISSP or CAP certified
Self-motivated and assertive
Ability to set priorities and adapt to changes in a quick, professional manner
Excellent oral and written communication skills with internal and external stakeholders at every level
Organizational skills that enable tracking and meeting multiple concurrent long- and short-term project milestones
Ability to interact with internal and external stakeholders at every level
Ability to use discretion when handling confidential information
Strong analytical, reasoning and problem-solving skills
Candidate must have the ability to solve complex problems involving a wide variety of information systems.
Candidate must be able to understand and differentiate between critical and non-critical systems and networks.
EXPECTED START DATE: 8/13/18
EXPECTED PERIOD OF PERFORMANCE: 3/14/18 - 3/6/19 with two possible one year option periods through 3/6/21
ANTICIPATED HOURS: 40 hours per week
MINIMUM EDUCATION/MINIMUM EXPERIENCE REQUIRED:
Master’s Degree in computer science, electronics engineering or other engineering or technical discipline plus 5 years of experience. 10 years of additional relevant experience may be substituted for education.