Cyber Security Consultant
United States
Full Time
12 hours ago
No H1B
Key skills
Risk ManagementCommunication
About this role
Information Technology Strategies, Inc. is a government IT solutions provider servicing commercial and government initiatives in various parts of the United States. They are currently seeking a Cybersecurity Assessment and Authorization Expert to serve as a Subject Matter Expert in cybersecurity policies and procedures, particularly in the Assessment and Authorization of information systems.
Responsibilities:
- Serves as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures
- Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization
- Possess an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s, in which there is a compilation of large and small enclaves, AIS applications and outsourced IT processes
- Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control) and determines the possible ramifications on the system’s current or future authorization
- Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process
Requirements:
- Must possess IT-II security clearance or have a current National Agency Check with Local Agency Check and Credit Check (NACLC). (Basic Federal Clearance requirements are U.S. Citizenship, clear criminal history check, no recent or pending bankruptcies)
- Must have DLA CERT Analyst will maintain CSSP Analyst certification: CySA+, CFR (CyberSec First Responder), or CEH (Certified Ethical Hacker) certifications
- Five (5) years of relevant Risk Management Framework (RMF) and NIST A&A experience
- Must have DOD cybersecurity experience
- Experience in assessing security controls and conducting authorization reviews for large, complex organizations
- Experienced in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures, and processes
- Knowledgeable in the cybersecurity of emerging technology areas such as Cloud and Industrial Control Systems (ICSs), warehouse execution systems and Operational Technology (OT) infrastructures
- Excellent oral and written communication skills