Karsun Solutions LLC

  • Information Assurance Analyst

    Job Locations: US-VA-Herndon
    Posted Date: 1 month ago (10/18/2018 11:02 AM)
    ID: 1842
    # of Openings: 1
    Category: Information Technology
  • Overview

    This position supports the General Services Administration (GSA) CAMEO program. The Karsun team is responsible for the development, maintenance, and enhancement (DM&E) and operation of selected GSA Federal Acquisition IT Systems. All employees must be able to pass a Federal Suitability Check for a position of public trust. The GSA CAMEO program supports the operations of multiple business applications, as well as development of new applications across different technologies. The Karsun software development team is responsible for the software design and implementation of web applications supporting multiple Business Lines within GSA. Successful candidates are modern web development specialists experienced in translating business requirements into software architecture.  In addition to strong software development skills, ideal candidates have demonstrated experience in working on an Agile Scrum team. Position location is in Herndon, VA. 

    Responsibilities

    The individual will work with the client's ISSM and ISSOs to support Information Assurance and audit activities.

    • Interpret operating system, database, and web application vulnerability scan reports.
    • Track and manage existing and future vulnerabilities through the system Plan of Action and Milestones (POA&M).
    • Remediate issues identified in POA&Ms as specified by security policy.
    • Write and update security documentation (System Security Plans, Contingency Plans, Business Impact Analysis, Privacy Impact Assessments, etc.).
    • Validate system hardware and software inventories.
    • Review and track firewall change requests.
    • Support security assessment, Payment Card Industry (PCI) Data Security Standards (DSS), and other audit activities such as annual FISMA self-assessments.
    • Ensure compliance with the GSA IT Security Policy CIO P 2100.1H, IT Security Procedural Guide Managing Enterprise Risk (CIO-IT Security-06-30 revision 7), and IT Procedural Guide Security Language for IT Acquisition Efforts CIO-IT Security-09-48 revision 1.
    • Provide continuous monitoring support, maintaining and monitoring controls within the system security plan.
    • Perform Privacy Impact Assessments (PIA) and maintain PCI DSS as appropriate.
    • In support of audits, provide evidentiary artifacts and respond to inquiries and questions from auditors.

    Qualifications

    Required Skills:

    • Extensive knowledge of NIST Publications (800-53, etc.), FISMA, PCI-DSS
    • Great oral and written communication skills
    • Security documentation writing experience: System Security Plan (SSP), Contingency Plans (CP), Plan of Action and Milestones (POA&M), Acceptance of Risk (AOR), Business Process Document (BPD), etc.

    Desired Skills: 

    • Knowledge of GSA policies and procedures
    • ISSO role experience in a production environment

    Qualifications (Education/Experience)

    • Minimum Education: B.S. in Computer Science or Information Security
    • Minimum 5 years of ISSO role experience in a production environment
    • Security related certifications (CISSP, CISM, CISA)

    For more information on this or any other position, chat one-on-one with our recruiters during our weekly virtual chat event every Thursday at 12:00pm EST.

    Karsun Solutions is an Equal Employment Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.
