System Administrator
Location : Luray, VA
Hybrid role.
This role requires Federal Security Clearance
Looking only for W2 (no C2C or C2H)
Required Skills:
i.A Bachelor degree in Computer Science or a related engineering field with training in information security
ii. 10+ years’ experience in Information Security
iii. 5+ years’ experience building and managing Windows server platforms
i. Thorough knowledge of NIST 800 Special Publications, Federal Information Processing
ii. Expertise the NIST Risk Management Framework to generate and maintain SA&A documentation to include System Security Plans, Security Assessments Reports, and Risk Assessments for internal and cloud-based systems (ie., FedRAMP)
iii. Experience using security scanners (e.g. Nessus, Nexpose, etc) and remediating vulnerabilities
Roles and Responsibilities
- Using the NIST Risk Management Framework (RMF) to conduct assessments of Information
- security controls in order to measure the effectiveness of controls and identify control gaps
- Ensure compliance to guidance, standards and regulations such as NIST Special Publications,
FIPS, FedRAMP, and other federal regulations and policies
- Preparing Security Impact Assessments, Addendums, Security Authorization Packages and including documentation such as Authorization
- Official Out-briefs, Security Authorization Recommendations and Security Authorizations
Memorandums
- Identify, assess, and prioritize identified risks
- Collect evidence, artifacts, and document findings to support conclusions
- Report on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies
- Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)
- Coordinate third-party risk assessments and IT audits
- Manage remediation efforts and report on the status of control deficiencies
- Support security initiatives and global policy adherence and awareness efforts
- Support global information security metrics and reporting program(s)
- Provide security expertise to business units and key stakeholders
- Enforce policy adherence and manage formal policy exception requests
- Provide timely status updates/reporting on assessments and assigned projects
