Cyber & A&A Security Specialist - Hybrid Remote

Cyber & A&A Security Specialist

Location: Hybrid (Reside within a commutable distance of Silver Spring, MD to work onsite as required)

Citizenship: US Citizenship Required

Security Clearance: Must have or the ability to obtain a Moderate Public Trust

AttainX, Inc. is in search of a highly energetic Cyber & A&A Security Specialist to join our team on a cyber security program supporting our US federal government client.

Basic Minimum Qualifications:

• Knowledge of DOC, NOAA, and NWS IT security policies and implementation standards or those of similar sized organizations AND comprehensive understanding of NIST guidance to include, but not limited to, NIST Special Publications and Federal Information Processing Standards.
• At least 5 years of recent experience (within the last 6 years) in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools.
• At least 5 years of recent experience (within the last 6 years) with enterprise architecture methodologies, concepts, procedures, principles, and tools.
• At least 5 years of recent experience (within the last 6 years) in contingency planning and backup and recovery best practices and application of NIST guidance in this area.
• At least 5 years of recent experience (within the last 6 years) in using technical testing tools (Tenable Security Center, ArcSight, IBM Big Fix, etc.).
• At least 5 years of performing assessments of Federal Information Systems using the Risk Management Framework.
• Ability to work in a cohesive team-oriented environment.
• Possess at least one of the following Certifications or be able to Obtain within six (6) months of hire:
  • Certified Information Systems Security Professional (CISSP).
  • Certified Information Systems Auditor (CISA).
  • GIAC Certified Incident Handler (GCIH).
  • GIAC Systems and Network Auditor (GSNA).
  • Electronic Commerce Council Certified Ethical Hacker (CEH).
  • ISC2 Certified in Governance, Risk and Compliance (CGRC).
  • Security Certified Network Professional (SCNP).
  • Security Certified Network Architect (SCNA).

Preferred Qualifications:

• Bachelor's Degree (or higher) in a related field
• Knowledge of assessing and securing cloud-hosted systems in accordance with federal security requirements
• Self-starter, highly motivated individual who adapts to a dynamic work environment
• Strong attention to detail with an ability to operate effectively across multiple priorities.

Key Responsibilities:

• Conduct full lifecycle Security Control Assessments and Authorization (A&A) activities for NWS FIPS 199 Low, Moderate, High, HVA, and hybrid systems in accordance with the NIST Risk Management Framework (RMF), NWS policy, NOAA, and DOC directives
• Validate information System Security Plans (SSPs), FIPS 200, control implementations, and supporting policies and procedures for accuracy, completeness, and NIST SP 800-53 compliance.
• Execute security control test procedures through documentation review, technical validation, and interviews with system stakeholders to determine control implementation status and effectiveness
• Collect, analyze, and document evidentiary artifacts (screenshots, test logs, interview notes) to validate control implementation and effectiveness.
• Utilize CSAM to retrieve POAMs, artifacts, and other pertinent documentation to assist with the A&A process and ensure accuracy of the A&A documentation uploaded in the tool
• Analyze and interpret vulnerability and configuration compliance scan results from tools like Tenable Nessus to identify control gaps, assess risk, and validate remediation actions.
• Develop and maintain pre-assessment and assessment deliverables, including Security Assessment Plans (SAPs), Security Control Assessment (SCA) workbooks, and kickoff deck briefings
• Document assessment results and risk determinations in Security Assessment Reports (SARs), Vulnerability Assessment Reports (VARs), and Authorization to Operate (ATO) briefing deck.

Skills: Cyber Security, Information Security, A&A

Non-Essential Functions: General Duty Requirements

About Us AttainX Inc. is CMMI Level 3, ISO 9001:2015 certified QMS, and a Gold Level SAFe Partner. For over 14 years, AttainX has delivered innovative IT and cloud-based solutions for a broad portfolio of federal clients, including USDA, NOAA, DOE, DHS, and DIA.

Benefits:

• Paid vacation
• Medical, dental, and vision coverage
• Matching 401(k) plan
• Tuition/training reimbursement
• Long & Short-Term Disability

Accommodations: Individuals with disabilities may request reasonable workplace accommodations by contacting AttainX Human Resources directly and specifying the nature of the support needed.

EEO Commitment: AttainX is an Equal Employment Opportunity employer and prohibits discrimination in the workplace based on Title VII of the Civil Rights Act, VEVRAA, Section 503, and other applicable laws. These protections extend to all applicants and employees.

Physical Demands: This position requires extended periods of sitting, computer use, and communication via phone or email. Occasional lifting of up to 10 pounds may be necessary. Vision abilities required include close, distance, and peripheral vision as well as depth perception