Sr. Fisma Security Analyst

Eliassen Group is looking for a Senior FISMA Security Analyst to support federal compliance and governance requirements for all systems within the General Services Administration. The purpose of this role is to assist the Director of Enterprise Security with a major task order driving digital transformation and delivering continuous improvement and business value to its customers. You will help shift offerings to provide a more flexible service delivery model, completing the agency’s shift to a fully digital experience along with its adoption of advanced, emerging technologies such as intelligent automation, artificial intelligence, and machine learning.

RESPONSIBILITIES

● Assist in the creation, maintenance, and monitoring of Assessment and Authorization (A&A) documentation to obtain initial Authorization to Operate (ATO), On-Going Authorization, and Continuous Monitoring

● Be fluent with the RMF and NIST special publications; specifically SP-800-128, SP-800-60, 800-53 and STIGS

● Coordinate with program/project stakeholders, technical teams, the Information Systems Security Officer (ISSO), Information Systems Security Manager (ISSM) and other team members to define, implement and maintain an acceptable information systems security posture

● Performs extensive analysis to validate established security requirements and to recommend additional security requirements and safeguards

● Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports

● Coordinate across business lines to lead and support FISMA and Financial Audit Requirements

● Translate operational requirements into technical requirements to meet program objectives and have the ability to assist in documenting those requirements

● Reviewing and evaluating information technology software, hardware and networks and the overall cyber security posture of information technology systems

● Recommending security improvements based on advances in industry or in response to threat intelligence.

● Maintain cybersecurity compliance, implement steps to mitigate threats and understand reporting requirements

● Provide continuous monitoring security expertise to business units and key stakeholders

● Provide timely status updates/reporting on assessments and assigned projects

● Create and deliver end user-related briefings and training and policy and/or compliance updates

REQUIREMENTS:

This following are REQUIRED for this position:

● Ability to obtain a Public Trust Clearance and ITILv4 Foundation Certification

● Possesses and applies a comprehensive knowledge across key tasks and high impact assignments.

● Plans and leads major technology assignments.

● Evaluates performance results and recommends major changes affecting short-term project growth and success.

● Functions as a technical expert across multiple project assignments.

● Proven ability to work independently in a full and/or partial remote environment with limited supervision and may supervise/lead others.

● Possess the ability to communicate in both oral and written forms, demonstrating an ability to communicate effectively with all levels of staff as well as clients.

● Maintain standard working hours per the DIGIT contract and to be available for meetings, and other collaborative efforts during working hours.

● Demonstrated ability to apply comprehensive knowledge across key tasks and high impact assignments with the ability to use practical experience and training to determine how to accomplish tasks.

DESIRED QUALIFICATIONS:

The following are DESIRED for this position:

● CISSP, CISA, CISM, Security+ or other relevant security certifications

● Familiarity with CUI requirements for unclassified IT systems a plus

● Have track record of competency in obtaining initial A&A and reauthorization

● Familiarity with Unclassified network administration, including:

● Experience in network infrastructure and security best practices

● Experience with Local Area Network administration and maintenance, including user control and VPN access

● Experience with firewalls

● Experience with Mobile Device Management

● Comfortable with Windows operating systems

● Willingness and ability to independently take on a variety of IT Compliance tasks

● Linux operation systems experience

● Familiarity in the Google Suite (Gmail, Calendar, Chat, Meet, Docs, Slides, Sheets), Microsoft Office (Word, Excel, PowerPoint, Outlook), Slack, and ServiceNow.

EDUCATION AND EXPERIENCE:

The following are the education and experience required for this position:

● 10 - 15 years of experience and bachelor's degree

● Experience as a remote worker demonstrating time management and self-discipline with cultural change management and Agile mindset.