Information Systems Specialist II (Mid)
Full-time
- The selected incumbent will provide support in information system cybersecurity management, ensuring security posture and completing compliance tasks, including but not limited to: program and information system/application support that ensures security in all phases of the system engineering process; support of information system/application Risk Management Framework (RMF) tasks in accordance with NIST Special Publication 800-37; and addressing and documenting system requirements (controls).
- Provide support to the continuous monitoring process: assess and evaluate the Information System (hardware and software) inventory to detect vulnerabilities; identify critical and high weaknesses introduced via insecure application development techniques, controls inherited from Common Control Providers (including FedRAMP cloud service providers (CSPs)), and networked enclaves; and provide remediation or corrective actions to improve the security posture.
- Provide cybersecurity expertise to support cybersecurity in the System Development Life Cycle (SDLC) process, including supporting the process for requirements review in development phases (Agile, Spiral, DevSecOps or Waterfall model), annual Security Assessment and Authorization (SA&A), and Information System Continuous Monitoring (ISCM).
- Assist the System Owner, Information Owner, Component Privacy Officer and Information System Security Manager (ISSM) in recording all known security weaknesses of assigned information systems in the Plans of Action and Milestones (POA&Ms) in accordance with DOT policy, guides and procedures.
- Keen, detailed understanding of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF), including all supporting steps, as well as the Cybersecurity Framework (CSF) and the Privacy Act.
Active Job
Updated 1 month ago