Location: Chantilly, VA, USA

Cybersecurity Specialist/Mid-Level

The position is hybrid-remote to DC Metro area only.

Kingfisher Systems, Inc. (Kingfisher) specializes in providing a full range of Information Technology, Cybersecurity, Intelligence, and support services to the U.S. Government. Kingfisher's core competency is technology-enabled services with a specific focus on national security. Since 2005 Kingfisher has established itself as a recognized and trusted partner whose mission is safeguarding sensitive information, operations, and programs for our Federal customers and U.S. warfighters.

Responsibilities

The Cybersecurity Specialist/Mid-Level defines, designs, and develops system requirements. Performs tradeoff analyses of performance, life-cycle cost, risk, productivity, and other system or program requirements. Assesses architecture and current hardware limitations, defines and designs system specifications, and evaluates input/output processes and working parameters for hardware/software compatibility. Coordinates design of subsystems and integration of total system. Defines system support requirements. Analyzes and resolves program support deficiencies. Conducts independent technical investigations in systems design. Evaluates vendor capabilities to provide required products or services.

Government customer information systems are considered in one of three states of System Authorization: Initial Authorization, Reauthorization, or Continuous Monitoring Assessment (CMA), also known as ongoing authorization.

The Cybersecurity Specialist/Mid-Level must conduct comprehensive security assessments to yield a clear understanding of security status and risk to operations and executing the mission.

- Review the customer's System Authorization process as defined in the current customer Security Authorization and Continuous Monitoring Performance Guide and associated templates and provide recommendations for updates to create a draft Assessment Package for approval.
- Review the existing information system's core documentation, including privacy requirements data, to support the development of security assessment plans.
- Ensure the accuracy of the system inventory, categorization, plan of action and milestones (POA&Ms), and other technology types within the authorization boundary.
- Validate system support services (vulnerability scanning and security monitoring technology) and personnel roles, including but not limited to:
  - Authorization Official and Authorization Official Designated Representative
  - System Owner
  - Information System Security Officer
  - Privacy Officer
  - Application/System Administrator
  - Common Controls Provider (CCP)
  - Cloud Service Provider (CSP)
- FedRAMP access to packages will be approved (as required) to ensure the accuracy of information and notification of the assessment schedule.
- Review and establish an Annual Assessment Schedule in support of deliverables and artifacts.
- Develop the required Security Assessment Plans (SAP) and Security Assessment Reports (SAR) to be compliant with the latest revisions of NIST Special Publication 800-53A and NIST SP 800-37.
- Develop Security Assessment Motives in the customer's Cybersecurity Assessment Management system (CSAM) to support controls selection commensurate to approved SAP.
- Adhere to the approved SAP while conducting authorized security assessments.
- Collect and catalogue evidence of security controls assessment findings.
- Develop SAR in accordance with the scope defined in the SAP, detailing assessment findings of controls assessed with supporting evidence.
- Develop and update system qualitative risk assessment reports (RAR) compliant with NIST SP 800-30.
- Develop a Recommendation Report and draft a Plan of Action and Milestones in accordance with requirements in CSAM.
- Develop a Security Assessment Executive Summary including documents for a presentation, providing summary of activities completed, findings, risks, and recommendations.
- Provide an Executive Summary Briefing at customer site or hosted virtually.
- Ensure all written and published media is relevant to the topic and provides clear, plain language without grammar or spelling errors.

Required Qualifications

- Highly skilled in cybersecurity with a keen understanding of technology including applications, databases, networking, and architecture.
- Ability to communicate complex information in a confident and well-organized manner.
- Experience developing and delivering System Security Plans in CSAM.
- Experience in application and system continuity and risk strategies.
- Experience in network firewall, data loss prevention, network intrusion detection systems, and intrusion prevention systems.
- Experience in Operating Systems and systems services (Windows Server, Linux/Unix, and Active Directory).
- Ability to conduct dynamic web application security testing.
- Experience in application and database security assessment, scanning and results interpretation.
- Ability to format and configure large documents in Microsoft suites and Adobe PDFs.
- Ability to function effectively in a dynamic, fast-paced environment.

Additional Requirements

- Knowledge of applicable laws, statutes, Presidential Directives, executive branch guidelines, and administrative/criminal legal guidelines and procedures.
- Understanding of CSAM application and its reporting and controls management.

Required Certifications: One of the following, at a minimum:

- Certified Authorization Professional (CAP)
- Systems Security Certified Practitioner (SSCP)
- Associate Certified Information Systems Security Professional
- Certified Information System Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)

Years of Experience: Minimum of four (4) years of progressive experience supporting information technology and cybersecurity projects.

Degree Requirement: Bachelor's Degree or equivalent.

Minimum Clearance Requirement: Must be eligible for Public Trust.

U.S. Citizenship: Required.

Kingfisher Systems, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, national origin, age, protected veteran status, or status as a qualified individual with a disability.