More About the Role:
This is an opportunity to support NASA. In this mission we manage the primary infrastructure and core services. We will operate, maintain, deploy, and manage existing Government-furnished systems. A majority of the tasks will be within the National Capital Region. The candidate will be the lead for Vulnerability Management and C&A compliance, and will provide analytical and technical security recommendations to the team, oversight boards, and customer. The candidate will meet with clients and management to help specify and negotiate application security requirements, review current policies and procedures for applicability, and system OS security patch levels, and ensure safe transition of applications to production.
What You'll Get to Do:
• Support the implementation and administration of information security policies, procedures, and technologies to ensure the protection of systems, applications, and data on production and development networks.
• Provide professional security services for IA/Cybersecurity in accordance with US Government (USG) and NIST policies and guidelines.
• Provide the necessary support to monitor and ensure compliance with information security policies, procedures and regulatory requirements including assistance with internal auditing, reporting, technical reviews, and identification of security risks.
• Provide technical assistance in support of Cybersecurity inspections and Site Assistance Visits (SAV).
• Assist with drafting, reviewing, editing, and recommending guidance for Standard Operating Procedures (SOP), Plan Of Action and Milestones (POA&M), and Federal Information Security Management Act (FISMA).
• Understand FISMA and the application, documentation and assessment of NIST 800-53 security controls.
• Assist with all facets of the Assessment and Authorization (A&A) process as it relates to FISMA and NIST in a NASA mission-focused environment, including documentation, data collection and entry within a centralized repository, and plan of action coordination and tracking.
• Perform support activities associated with the design, development, implementation, and maintenance of IT systems.
• Perform systems requirements development and allocation and develop the appropriate engineering documentation.
• Perform independent assessments (system and software security vulnerability, threat, and risk assessments) on development and large-scale operational environments.
• Perform full-lifecycle (i.e., Concept to Deployment) Information Assurance (IA) security analyses to ensure the logical and systematic conversion of customer or product requirements into total secure systems solutions that acknowledge technical constraints.
You'll Bring These Qualifications:
• A BA/BS degree and 12-15 years of prior relevant experience, or a Master's with 10-13 years. Years of work experience may be substituted one for one with college years.
• Five (5) or more years of recent/current professional experience within the designated SME area beyond BA/BS or equivalence (except where otherwise specifically noted).
• Must have a minimum of three (3) experience working in an IT environment similar in size (or larger) and scope to this task order.
• Must have a minimum of three (3) working knowledge of large, complex IT environments.
• Experience meeting with clients and management to specify and negotiate application security requirements, review current policies and procedures for applicability, and system OS security patch levels, and ensure safe transition of applications to production.
• Experienced in providing risk analysis for vulnerabilities, incidents and change requests.
• Experienced in being an active member in technical workgroups to recommend effective security configurations and architecture.
• Experienced in developing documentation to support ongoing security systems operations, maintenance and specific problem resolution.
• Ability to communicate orally and in writing with the highest level of management.
These Qualifications Would be Nice to Have:
• 5+ years of experience in IA/Cybersecurity.
• Security certificates such as CISSP, CISM, GSLC, or CASP.
• Experience in performing risk assessment, IT audits, security planning, systems accreditation and policy development.
• Experience complying with USG and NIST regulations and preparing for and responding to information security audits and questionnaires.
• Understanding of related information technology (e.g., firewalls, VPN, virtualization, DLP) and physical security assets.
• Knowledge of domain structures, user authentication, data encryption, access audits and end-user security best practices.
• Experience with UNIX/LINUX OS and any scripting language.
• Experience working with IDS/IPS and processes.