Anticipated Start Date:
January, 2010
Location of Work:
Oakton, VA
Salary:
Salary commensurate with experience
Clearance Requirements:
IRS Public Trust
Minimum Required Qualifications:
4+ years of Information Security related experience, CISSP preferred (not required) or equivalent certifications
Position Description:
MPG is seeking a candidate who can provide information assurance and security engineering services involving vulnerability and risk assessment support utilizing NIST 800-30. The candidate must be able to perform the initial Risk Assessment for government information systems which occurs during the planning, requirements definition, design and development and testing phases of the SDLC and identify the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. For this task, the nine major activities are evaluated and performed:
* System Characterization
* Threat Identification
* Vulnerability Identification
* Control Analysis
* Likelihood Determination
* Impact Analysis
* Risk Determination
* Control Recommendations
* Results Documentation.
The candidate must also support the client with four of the seven NIST 800-30 Risk Mitigation activities:
* Prioritize Actions
* Evaluate Recommended Control Options
* Select Appropriate Controls
* Assign Implementation Responsibility
The candidate will also be required to perform a Security Test & Evaluation (ST&E) in support of the Security Certification Phase. The candidate will be required to execute the security assessment selected security controls for a High, Moderate and/or Low Baseline systems utilizing guidance from NIST 800-53A, Appendix J and specific government agency security policy and procedures. Also using guidance from NIST 800-53 and NIST 800-37 on scooping and tailoring security controls based on the security impact of the security categorization objective (Confidentiality, Integrity, and Availability). MPG also provides support with customizing test cases in order to adequately meet the unique needs of the information system while ensuring plan and execution methodology for testing and verifying management, operational and technical controls consistent with NIST 800-53A Examine, Test and Interview objectives.
The candidate will also be required to support automated vulnerability scan analyses that involves the identification of weaknesses, providing provisional risk levels and identifying recommended mitigation actions to reduce the risks to the client systems. The candidate will also be required to prepare a Security Assessment Report (SAR) for the client and brief on weaknesses and risk indentified during the Certification process.
- Location: Oakton, VA
- Compensation: Salary commensurate with experience
- Principals only. Recruiters, please don't contact this job poster.
- Please, no phone calls about this job!
- Please do not contact job poster about other services, products or commercial interests.