
Assessment & Authorization (A&A) Analyst - Team Lead

Via Logic LLC, Ashburn, VA, United States


Overview
The Department of Homeland Security (DHS), Customs and Border Protection (CBP) Security Operations Center (SOC) is a US Government program responsible for preventing, identifying, containing and eradicating cyber threats to CBP networks through monitoring, intrusion detection and protective security services to CBP information systems including LAN/WAN, commercial Internet connection, public facing websites, wireless, mobile/cellular, cloud, security devices, servers and workstations. The CBP SOC is responsible for the overall security of CBP Enterprise-wide information systems, and collects, investigates, and reports any suspected and confirmed security violations.

Responsibilities
The selected candidate will serve as the Security & Technology Policy Division Assessment & Authorization Team Lead and apply their experience as an Assessment and Authorization Analyst to guide team members to evaluate CBP Information Systems being introduced to the environment to determine if they meet the required security standards and are authorized to operate within the CBP network, using the NIST Risk Management Framework (RMF) or similar methodologies.

The candidate will be responsible for administrative reporting and team management and should have knowledge of what happens at key points in the lifecycle of the information system, such as before its deployment or during major updates. The Team Lead should be able to independently create security documentation (e.g., System Security Plan, Security Assessment Report) and support the customer in obtaining the final authorization to operate (ATO). The Government typically requires assistance in collecting information and answering questions in regard to many broad IT areas including, but not limited to, security management controls, access controls, provisioning and deprovisioning, transfers, separation of duties, configuration management, contingency planning, application security, business process controls, interface controls, and data management system controls.

Experience leading a team of A&A Analysts/Security Control Assessors

In-depth knowledge of and expertise in many different federal standards and policies, including but not limited to:

GAO auditing practices

Responding to Congressional requests for information

FISMA standards and auditing practices including FISCAM

OMB Circular A-123

DHS 4300A and CBP 1400-05D security policies and manuals; and

NIST

Provide internal assessment, compliance, and evaluation readiness services to the CSD organization, as well as with other CBP OIT directorates as deemed necessary by CSD leadership

Verify and confirm that IT security controls are in place and effective (especially with considerations in cloud migrations)

Provide strategic advice and guidance to the CSD ISSM teams regarding IT security controls best practices and implementation strategies for new systems and applications

Serve as a liaison between auditors, participate in external oversight audits as needed, coordinate and review inquiries and responses with the appropriate CSD Government personnel, and finalize the scope of responses

Demonstrate successful experience with assessing an organization’s maturity level of cybersecurity compliance

Demonstrate expert knowledge of vulnerabilities and weaknesses across complex IT environments

Demonstrate familiarity with SOC operations and cybersecurity sensors and tools

Demonstrate experience with guidance and work products related to issues tracking, plan of actions and milestones, and transparency of maturity level deltas

Assist in developing and presenting briefs to senior leaders on the organization’s CSSP activity

Basic Qualifications

A bachelor’s degree with 8 years’ IT experience or a Master’s with 6 years of relevant experience (additional experience accepted in lieu of degree)

Prior experience with CBP

Experience briefing C-Suite executives

Experience conducting FISMA audits, financial statement audits and coordinating with OIG and KPMG

Minimum of 5 years as an Auditor/ISSO for major federal information systems

Bachelor’s in Computer Science, IT, Information/Cyber Security from an accredited college or university

Knowledge of auditing security controls and financial processes

Superior writing, communication and critical analysis skills

Deep understanding of Information Assurance, IT and Information Management concepts, processes and procedures

DoD 8570 IAT III

Experience delivering large and complex government projects on time and within budget

Must report to Ashburn, VA office daily if needed

Must be a US Citizen

Preferred Qualifications

CompTIA CASP+

ISC2 CGRC

ISC2 CISSP

ISACA CISA

Notice
All qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.
