Creates cyber-intelligence tools / methods and performs research and analysis in order to mitigate and eliminate high level data and cyber security risks. Designs, tests and implements state-of-the-art secure operating systems, networks, and database products. Conducts risk assessment and provides recommendations for application design.

Job Responsibilities

* Draft, review, and update Risk Management Framework (RMF) artifacts required for FISMA Compliance, including the System Security Plan, Security Categorization, Risk Assessments, Privacy Impact Assessment, Contingency Plans.
* Identify unique system characteristics, interview key organizational personnel, compose requisite documentation (security categorizations, risk assessments, contingency plans, security test & evaluation reports, vulnerability assessment reports, etc.).
* Ability to map complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices.
* Requires strong understanding of standards and requirements outlined by FISMA, NIST, OMB and others.
* Maintains the computer and information security incident, damage and threat assessment programs.
* Responsible for the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results and preparation of required reports.
* Responsible for system audits and ensures all corrective measures are completed.
* Designs, develops, or recommends integrated system solutions ensuring proprietary/confidential data and systems are protected.
* Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems.
* Reviews processes and security protocols and makes recommendations for increased cyber security protection.

Minimum Qualifications

Bachelor's Degree in Computer Science or a related field or equivalent experience; Advanced Degree preferred.
5+ years of experience in systems security. 1-3 years of experience developing Cyber Security governance and policy processes and documentation, Knowledge of Federal Cyber Security policy/guidance including OMB, Executive Orders, and NIST 800 Series.

- Candidates must be US citizens and will be required to undergo a background investigation in order to gain access to classified information. Existing TS/Q clearance is a plus.

Other Job Specific Skills

* Must be able to communicate effectively and clearly present technical approaches and findings.
* Exercises considerable latitude in determining technical objectives of assignments.
* Excellent attention to detail.
* Must be able to balance multiple tasks simultaneously.
* Advanced knowledge of encryption, vulnerability assessment, penetration testing, cyber forensics, intrusion detection, and incident response and remediation.
* May interface with external entities including law enforcement, and intelligence/government agencies.
* Exercises considerable latitude in determining technical objectives of assignment.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.