Sr System Security Automation Specialist

Description & Requirements

This position is for a System Security Automation Specialist.

Responsible for direct interface with agency Information Systems Security Officials (ISSO), Chief Information Officer (CIO), Science Information Officer (SIO), and other officials to support security requirements and initiatives.

Responsible for the review and documentation processes of systems in the context of IT Security.

Perform risk analyses which also includes risk assessment leading to a formal Authority to Operate (ATO) status of system compliance.

The level of support includes guidance, recommendations, and SA&A support.

Position is remote.

Candidate must reside locally to attend onsite meetings in the Atlanta office.

Responsibilities:

• Ensures that applications and infrastructure support activities are in full compliance with all federal wide OMB and agency policies and procedures, including adherence to EPLC standard processes and procedures, as well as adherence to federal NIST 800-53_rev 5, NIST 800-171 security standards.

• Candidate will have an active role on the team to support the review & compliance of NIST 800-171 policies along with other security and compliance responsibilities.

• Support Security Assessment & Authorization (SA&A) process

• Conduct and document Privacy Impact Assessments utilizing agency guidance.

• Review system logs.

Develop and monitor security and privacy controls.

• Provide Change Management support to stewards to include completing the CM process prior to system and application changes.

• Develop and manage Plan of Action and Milestones (POA&M) for systems to identify, assess, prioritize, and monitor the progress of corrective actions for security weaknesses as discovered.

• Provide Privacy Impact Assessment (PIA) guidance and support SORN implementation.

• Develop Exceptions and Waivers to support mission-related needs.

• Develop draft security and privacy policies and standards.

• Review and process assigned procurement requests.

• Conduct and review application and system vulnerability scans.

Provide scan results to system stewards including remediation guidance.

• Assess security controls (SCA) to support ISSO certification authority.

• Act as Security Steward and/or alternate for systems as needed.

• Review and process software-related requests for customers

Required Skills:

• High knowledge of NIST 800-171 policy and governance

• Advanced technical competencies in information assurance and security relevant to the analysis, design, and development of security features policy and controls for regulatory requirements such as FISMA, HIPAA, and the Privacy Act.

• Strong understanding of the IT Security & Privacy laws, regulations, and NIST standards.

• Advanced knowledge of IT enterprise security scanning, threat remediation, penetration testing as directly applicable to IT data processing complex with high sensitivity and personal identification/cl...