We are seeking a Security Assessments and Authorization Analyst to join our team to support the Office of the Director (OD) within the National Institutes of Health (NIH) at Bethesda, MD. You will be part of a System Assessments and Authorization (SA&A) Security team. As a key participant within a cohesive Information Assurance (IA) and security engineering team, you will share responsibilities for conducting FISMA-compliant System Assessments and Authorization (SA&A) and maintaining continuous Approval To Operate (ATO) for customer built and maintained applications supporting missions worldwide. You will also share in responsibilities for maintaining security systems and conducting security operations for accredited infrastructures and applications.
The Security Engineering team culture promotes interaction among team members for determining best direction for both our team and client. Our team culture also promotes individual mentorship and technical career path growth in latest information system technologies. Our team constantly seeks out to provide smart and effective solutions backed by efficient team-built system architectures plus team documented and tested process and procedures. On this program we provide support for 2,700 end-customers residing in approximately 20 buildings. Support includes 24x7 on-call duty support for monitoring of critical systems and for VIP support. Our team focuses on maintaining excellent customer experience as it relates to service requests and maintain and improve interoperability between IT infrastructure systems.
In this role, a typical day will include:
Participate in the assessment of low, moderate, and high impact information systems to include Cloud service offerings.
Complete comprehensive test plans for identified security controls following NIST 800-53a, FedRAMP guidance, and/or agency-specific guidance.
Produce complete, accurate, and timely findings reports using client defined templates
Review and analyze needed updates to existing set of security documents (e.g., system boundaries, privacy impact assessments [PIAs], system security plans [SSPs], risk assessments [RAs], memoranda of understanding, interconnection security agreements, contingency plans [CPs], etc.)
Maintain currency on latest security vulnerabilities and options for mitigation.
Develop risk mitigations and recommendations for identified security assessment findings.
Review system categorization and associated controls.
Establish and maintain professional relationships with clients, customers, and team members and escalate issues when necessary.
Maintain currency in federal cybersecurity policy, e.g., Office of Management and Budget (OMB) Memorandum, NIST Special Publications, and FedRAMP.
BS degree in Computer Science or Information Technology (or equivalent) and five experience of experience
Experience accomplishing System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation.
Experience in Independent Security Assessment and Reporting (SAR) as part of application System Development Lifecycle (SDLC).
Knowledge of Security control assessments as part of Continuous Monitoring NIST SP 800-53 V4 compliance sustainment for application, infrastructure, and network.
Must have an ITIL Foundations Certificate or be able to obtain within six months of employment.
Must be able to obtain a NIH Public Trust.
Experience with federal regulations and security compliance requirements for civilian federal agencies (FISMA, NIST 800 series, OMB A-130, FedRAMP, etc.)
Experience conducting security control assessments/audits using NIST SP 800-53, including preparation of complete authorization packages.
Minimum of one year experience conducting FedRAMP Readiness Assessments for FedRAMP cloud environments or knowledge of cloud security.
Experience drafting SOPs and technical work instructions
Ability to communicate technical subjects effectively in both verbal and written mediums to both technical and non-technical audiences.
Good problem-solving aptitude.
Desire to work in a team environment
Ability to balance and manage customer needs, daily responsibilities and additional projects as assigned.
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.