Why Work at SI?
Secure Innovations (SI) successfully and continuously strives to become experts in the Cybersecurity field by only focusing on Cyber! Because of this, we proudly stand behind our motto, "We're Not Standard Cyber. We're the Cyber Standard."
SI was built on the principle that people matter first and foremost. Our focus is on PEOPLE - our employees and our customers. SI believes in providing a strong work/life balance by investing in our employees and encouraging professional and personal growth. We do this by offering exceptional benefits, flexible schedules, and the tools necessary to achieve success through paid training, mentoring, and the opportunity to work alongside top-notch security professionals.
Education & Clearance Requirements:
• BS & 8 - 12+ yrs. of experience
• Secret clearance
• CISSP Preferred / Sec+ (minimum)
Day to day activities will include, but not be limited to:
• Conducting vulnerability scans, system assessments, risk analysis, and technical recommendations to validate compliance.
• Conducting verification and validation for security information systems, products, and components.
• Analyze design specifications, design documentation, configuration practices and procedures, and operational practices and procedures.
• Provide identification of non-compliance of security requirements and possible mitigations to requirements that are not in compliance.
• Verify and validate that the system meets the security requirements.
• Assist in determining the type of cloud solution for information systems i.e., IaaS, PasS, SaaS.
• Review completeness and accuracy of DISA Provisional Authorization (DISA PA).
The following knowledge/experience is Required:
• Knowledgeable of CNSSI No. 1253, Security Categorization and Control Selection
• Minimum of 5 years of Risk Management Framework (RMF) experience
• Knowledgeable of NIST SP 800 Series, FIPS Pubs 199/200, POA&M, DoDI 8500/8510.01, FISMA, A&A, SSP, Risk Assessment, Privacy Security Controls, CNSSI 1253
• Experience with Security Content Automation Protocol (SCAP) Compliance Checker
• Experience in Identifying and Assessing risks, identifying mitigation strategies, impact levels, and developing risk management framework recommendations based on the organization’s mission/business.
• Experience with Implementing and assessing RMF privacy security controls on networks storing, transmitting, or processing Personal Identifiable Information (PII).
• Experience in performing Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation. Experience with Certification and Accreditation activities, in particular, experience in the area of moving accreditation packages through the RMF process to Authority To Operate (ATO).
• Experience working in the FedRAMP cloud environment understanding IaaS, PaaS, and SaaS regarding cloud service provider security control responsibilities and customer responsibilities. Vulnerability and Risk Assessment, Analysis, and Reporting Federal Risk and Authorization Management Program ATO (FedRAMP). Ability to clearly differentiate between a FedRAMP ATO and Agency ATO, the process for a system to be accredited from a FedRAMP standpoint.
• Knowledgeable of the Federal Information Security Modernization Act (FISMA)
• Knowledgeable of Information Assurance Vulnerability Alerts (IAVA’s) and Bulletins (IAVBs), Information Assurance Vulnerability Management (IAVM) program, and Secure Technical Implementation Guide (STIG) compliance.
• Experience with Assured Compliance Assessment Solution (ACAS) server and SecurityCenter and Nessus scanner systems.
• Experience with System Security Assessments
• DISA Security Content Automation Protocol (SCAP) content and Security
Technical Implementation Guides (STIGS)
• DoD 8500. 01 and DoD 8510. 01 and National Institute of Technology Standards (NIST) publications
Knowledge in the following areas is desired/preferred:
• Joint Authorization Board (JAB)
• Malware and Virus prevention, detection, and remediation
• Analysis of system auditing and logging
• Repository (DITPR) /Department of Navy (DON)
• Networking, System Administration Windows and Unix/Linux platforms
• Database Administration and Application Development
• Project Management
• USN and/or USMC Certification and Accreditation tools eMASS and MCCAST
• Patch Management, Incident Response, and Asset/Inventory Management
• Payment Card Industry Data Security Standards (PCI DSS) Requirements
ABOUT OUR COMPANY:
Secure Innovations, LLC. (SI) is a Service Disabled Veteran Owned Small Business, headquartered in Columbia, Maryland. We are a growing company that specializes in modernizing and operating reliable IT systems by harnessing emerging technologies with proven innovations. Our capabilities include a full range of IT engineering, cyber security, IT strategic planning, IT operations, program management, software/application development, and IT communications implementation.
Secure Innovations, LLC. is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, or disability.