Job Description

Location of Services: Herndon, VA 20171 (1 day a week)

Employment Type: FTE + Benefits

Remote: 80% (4 days a week)

Supports the FedRAMP and FISMA authorization(s) of new Cloud Products and 3rd Party Applications into various cloud environments. This effort requires security testing/assessment support, the knowledge/development of the appropriate security documentation (i.e., System Security Plan (SSP), plans and procedures), and ongoing continuous monitoring activities. This position is majority remote (post-pandemic).

This role serves as a “hands-on” senior-level technical security analyst responsible for interfacing with operations and security engineering teams on security issues and information gathering and documenting their implementation in the SSP.

Additionally, this role will assist with the security assessments and continuous monitoring of evidence for any of the clients environments (corporate, commercial regulated, FedRAMP, DOD and International).

GENERAL RESPONSIBILITIES:

• Configuration, Execution and Analysis of vulnerability scans
• Ability to interpret and assess network diagrams and drawings using Visio.
• Identify and assess Cloud System state, including vulnerabilities, RMF package status/accreditation model, PPS compliance, patching, and Cybersecurity Vulnerability Assessments (CSVA) mechanisms.
• Demonstrate familiarity with current FedRAMP, DOD and NIST Security controls and technologies, including vulnerability management capabilities.
• Understand enterprise operating environments, including security posture, application environment, and associated security controls.
• Understand/document information system specifications and security controls, including logical and physical diagrams, connectivity, communication, and data flow diagrams, both internal and external to the system.
• Gather information, architecture diagrams and implementation of the security controls through interfacing with the security engineering, and operations and build teams.
• Develop security documentation input of technical control implementation
• Understand the intent of the FedRAMP moderate security controls, FISMA security controls and communicate as needed
• Assist with the FedRAMP or FISMA authorization to include, but not limited to, prep of security engineering, build and operations teams through training and mock interviews, update implementation language in the security documentation and develop processes as required, and support FedRAMP PMO/ Agency / CISO requests
• Ability to respond effectively to customer’s concerns regarding ConMon activities

Qualifications

• Bachelor’s Degree in Computer Science / MIS / Information Technology, or equivalent experience in Information Security, Information Technology, or related technical discipline
• Minimum 5 years Information Technology experience
• Experience with Cloud technologies, especially AWS and Azure, desirable
• Experience with FedRAMP and/or other authorization processes and NIST risk management framework
• Execution and Analysis of vulnerability scans; such as but not limited to: Nessus/Security Center, WebInspect, etc.
• Familiarity with Splunk to execute queries, search/review data for impact.
• Experience in developing, evaluating, and implementing information security architectures, technologies, standards, and practices to secure applications and IT systems, desirable
• Flexible, self-motivated, and able to work independently in a fast paced environment
• Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.
• Skill in preparing and making written and oral presentations of complex technical nature.
• Demonstrated ability to coordinate multiple tasks
• U.S. Citizenship

See more jobs at FSRLLC

Apply for this job

Job Description

A Sr. technical expert on software engineering with modern and cloud technologies is needed to pave the way to better healthcare to providers. This will serve as Sr. technical lead and primary architect for developing and maintaining various scales of information systems. Advise and lead Sr. and associate developers in system design, technology adaption, and security implementation. Work with directors and Sr. management to develop and set a technology development path for the organization. Lead the effort in training Sr. and associate software developers with new and mature technologies applicable to the organization’s needs. When appropriate and/or required, act as project leader, and work with various stakeholders to ensure the successful delivery of software systems.

• Architects, plans, leads and executes programming approaches to support various development projects. Can code at an expert level in applications such as C#, ASP.NET, .NET Core, SQL, React, TypeScript, Git, Azure, Knockout etc.
• Provides technical assistance to users of applications; troubleshoots technical problems; communicates solutions to users and/or delegates to the appropriate staff.  Provides guidance to addressing customer issues related to software.
• Assist Sr. management in setting standards for modern and cloud technologies, developing best practices for implementation.

Qualifications

• 8+ years experience or specific educational background sufficient to demonstrate competency  with Microsoft technology, including ASP.NET (C#) and SQL Server
• 5+ years with Cloud technologies such as Azure / AWS / Google Cloud
• Proficient with appropriate programming languages, particularly ASP.NET and modern web frameworks like React. Comfortable with Object Oriented Programming and Software Patterns.
• Excellent interpersonal skills. High motivation and ability to work with teams to meet project objectives.
• Ability to work on multiple projects simultaneously.
• Ability to meet project deadlines and goals without management supervision
• Awareness of database design concepts and proficiency in a general cloud environment
• BS in a field related to computer science or information systems, or advanced degree, or additional specific training and/or certification in 4th generation computing language

See more jobs at FSRLLC

Apply for this job

Job Description

System Technical Security Analyst

Location of Services: Herndon, VA 20171 (Remote)

Employment Type: FTE + Benefits

Client is supporting the FedRAMP and FISMA authorization(s) of new Cloud Products and 3rd Party Applications into our various cloud environments. This effort requires security testing/assessment support, the knowledge/development of the appropriate security documentation (i.e., System Security Plan (SSP), plans and procedures), and ongoing continuous monitoring activities. This position is majority remote (post-pandemic).

This role serves as a “hands-on” senior-level technical security analyst responsible for interfacing with the build, operations and security engineering teams on security issues and information gathering; creating and managing the Plan of Action and Milestones (POAM) for multiple environments, configuration/execution/analysis of vulnerability scans, gathering the security control implementations information for the technical controls and documenting their implementation in the SSP.

Additionally, this role will assist with the security assessments, and continuous monitoring evidence for any of the CLIENT environments (corporate, commercial regulated, FedRAMP, DOD and International).

The Technical Security Analyst will be responsible for maintenance of the commercial and corporate environment POAM and analysis of the corresponding vulnerability scans; development of the metrics / trends of vulnerabilities, assisting with the FedRAMP or FISMA authorization processes to include prep of the operations and build teams, and technical documentation summary and update as required. This role serves as a senior level technical security analyst who has the knowledge to create policies and execute vulnerability scans as needed, evaluates the vulnerability scan data and control implementation and who can provide thoughtful recommendations, as well as conduct security impact analysis of changes to the environments. This role must communicate between security, engineering, build/development and operations teams daily, and be able to interpret and document the results of data gathering.

GENERAL RESPONSIBILITES:

• Configuration, Execution and Analysis of vulnerability scans
• Ability to interpret and assess network diagrams and drawings using Visio.
• Identify and assess Cloud System state, including vulnerabilities, RMF package status/accreditation model, PPS compliance, and patching, Cyber Security Vulnerability Assessments (CSVA) mechanisms.
• Demonstrate familiarity with current FedRAMP, DOD and NIST Security controls and technologies, including vulnerability management capabilities.
• Understand enterprise operating environments, including security posture, application environment, and associated security controls
• Understand/document information system specifications and security controls, including logical and physical diagrams, connectivity, communication, and data flow diagrams, both internal and external to the system.
• Gather information, architecture diagrams and implementation of the security controls through interfacing with the security engineering, operations and build teams
• Develop security documentation input of technical control implementation
• Understand the intent of the FedRAMP moderate security controls, FISMA security controls and communicate as needed
• Assist with the FedRAMP or FISMA authorization to include, but not limited to, prep of security engineering, build and operations teams through training and mock interviews, update implementation language in the security documentation and develop processes as required, and support FedRAMP PMO/ Agency / CISO requests
• Maintain and update a monthly Plan of Actions and Milestones (POAM), inventory and other continuous monitoring deliverables as appropriate
• Ability to respond effectively to customer’s concerns regarding ConMon activities

Qualifications

• Bachelor’s Degree in Computer Science / MIS / Information Technology, or equivalent experience in Information Security, Information Technology, or related technical discipline
• Minimum 5 years Information Technology experience
• Experience with Cloud technologies, especially AWS and Azure, desirable
• Experience with FedRAMP and/or other authorization processes and NIST risk management framework
• Execution and Analysis of vulnerability scans; such as but not limited to: Nessus/Security Center, WebInspect, etc.
• Familiarity with Splunk to execute queries, search/review data for impact.
• Experience in developing, evaluating, and implementing information security architectures, technologies, standards, and practices to secure applications and IT systems, desirable
• Flexible, self-motivated, and able to work independently in a fast paced environment
• Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.
• Skill in preparing and making written and oral presentations of complex technical nature.
• Demonstrated ability to coordinate multiple tasks
• U.S. Citizenship

SPECIFIC TECHNICAL SKILLS DESIRED:

• Professional industry certifications in area of expertise.
• Knowledge of Best Practice and security guides (ex. NIST 800-53 rev 4, NIST 800-53, FedRAMP)
• ISC CISSP or ISACA CISM or equivalent certification

See more jobs at FSRLLC

Apply for this job