Cybersecurity Assessment and Authorization Specialist

DecisionPoint
Full-time
Remote
United States

Overview

DecisionPoint Corporation is seeking a qualified individual to perform the duties of Cybersecurity Assessment and Authorization Specialist, providing support to our client at the Department of State (DoS) in the Washington, DC area. This position is responsible for executing and assisting in the completion of security certifications and for providing support in obtaining Authority to Operate (ATO) for information systems applications hosted in the Azure Cloud environment.

This position is remote.

Duties & Responsibilities

  • Essential duties and responsibilities include the following. Other duties may be assigned.
  • Responsible for the integration of DecisionPoint core competencies into daily functions, including: commitment to integrity, knowledge / quality of work, initiative / motivation, cooperation / relationships, problem analysis / discretion, positive oral / written communication skills, reliability / dependability, flexibility and ownership / accountability of actions taken.
  • Assists in developing, tracking, and reporting Federal Information Security Management Act (FISMA) compliance activities, including annual Contingency Plan tests, annual Privacy Impact Assessments (PIA), quarterly Plan of Action and Milestones (POA&Ms) updates and user access reviews.
  • Assists system owners in developing security authorization packages that are fully compliant with National Institute of Standards and Technology (NIST) guidelines (NIST 800-37, NIST 800-53, FIPS 199)
  • Assists in preparing documentation for agency authorization to operate (ATO) in accordance with Department of State and Federal rules and guidance, including cybersecurity, legal and privacy considerations, and including documents such as the PIA, SIA, SSP, SAP, and ATT.
  • Maintain an understanding of the configurations, architecture, software, accounts, data flows, ports, protocols, and other relevant data for each assigned system.
  • Perform continuous monitoring of security controls to evaluate if they are implemented correctly and operating as intended in accordance with cybersecurity requirements.
  • Reviews and updates the system security categorization and risk assessments for each system annually or upon significant change.
  • Annually reviews and updates the security and contingency plan for each system and makes recommendations to address significant deficiencies.
  • Conducts annual security controls effectiveness testing. Documents findings and advises and monitors remediation efforts on all systems.
  • Conducts research, evaluation, recommendation, and documentation in support of security assessment reports, methodologies, briefings, and presentations.
  • Conducts risk assessments, using the RMF framework, on customer systems and network and documents them in accordance with the NIST Risk Management Guide for Information Technology Systems.
  • Reviews and updates risk assessments when significant changes occur to systems/network.
  • Ensures customer information and information systems are adequately protected from unauthorized access, use, disclosure, disruption, modification or destruction. Provides briefs including, at a minimum, areas of conformance to directives, corrective recommendations for deficiencies, and POA&M explanations to correct deficiencies.
  • Analyzes cloud-based IT systems, from a security perspective, during the initial phases of system development and throughout the systems development lifecycle.
  • Based on audit results, assist with development and mitigation strategies that lead to the elimination of vulnerabilities and improved audit scores.
  • Responsible for aiding in own self-development by being available and receptive to all training made available by the company.
  • Plans daily activities within the guidelines of company policy, job description and supervisor’s instruction in such a way as to maximize personal output.
  • Provide weekly activity reports to keep management apprised of current and upcoming tasks.
  • Support team meetings to provide system compliance and information assurance guidance and to discuss any concerns.

Qualifications

  • Active Top Secret Clearance.
  • Bachelor's degree in a technical field of study and a minimum of five (5) years' relevant experience, or equivalent combination of education / experience or ten (10) years of experience in lieu of a degree.
  • Must have at least one year of information security experience and one year of certification and accreditation (C&A) compliance / Security Assurance (SA) experience (preferably NIST based).
  • Experience working in a complex cloud-based environment. Experience with current and emerging technologies that involves implementing, administering, analyzing all elements of network systems, systems security, and design assurance.
  • Security & Compliance related certification preferred, such as SANS GIAC, Security+, Network+ or SSCP certification.

Desired Skills/Abilities:

  • Working knowledge and understanding of OMB, FISMA, FIPS and other federal regulations and requirements associated with Information Security
  • Specialized knowledge and advanced skills in the tools, concepts, practices and procedures of security management and continuous monitoring
  • Knowledge of security-related processes with respect to Federal risk and compliance regulations and best practices
  • Ability to read, analyze, develop and interpret common information systems security documents
  • Expert computer skills with advanced proficiency in a Windows and Azure Cloud based environment
  • Excellent critical thinking skills with ability to identify, analyze and resolve problems / complex issues
  • Excellent verbal and written communications skills with ability to prepare quality reports and effectively communicate / interact with a wide variety of technical and non-technical audiences (i.e., team members, management and federal staff)
  • Exceptional customer service skills with ability to respond to requests in a professional, helpful and timely manner
  • Highly organized with ability to effectively manage multiple tasks and priorities
  • Ability to effectively work both independently and in a team environment for the successful achievement of goals
  • Ability to read, analyze and interpret common scientific and technical journals, and legal documents. Ability to write reports and articles for publication that conform to prescribed style and format. Ability to effectively present information via Webinar to various audiences for the government client.
  • Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables.

Our Equal Employment Opportunity Policy

  • EEO and Affirmative Action Policy: DecisionPoint Corporation is an Equal Employment Opportunity and Affirmative Action employer. It is the policy of DecisionPoint Corporation to provide equal employment opportunity in accordance with all applicable Equal Employment Opportunity/Affirmative Action laws, directives and regulations to all employees and qualified applicants without regard to race, ethnicity, color, religion, national origin, sex, age, disability status, pregnancy, sexual orientation, gender identity, genetic information, protected veteran status, or any other protected status under Federal, State or Local laws.
  • Pay Transparency Policy: In accordance with Presidential Executive Order 13665, DecisionPoint Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
  • Authorization to Share Resume and Personal Information: By expressing your interest and submitting your resume for this position, you authorize DecisionPoint Corporation to share your resume, as well as personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should DecisionPoint Corporation or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.