Cybersecurity Specialist - Mid-Level; Hybrid-Remote to DC area - E

Overview

Cybersecurity Specialist/Mid-Level (hybrid-remote to DC Metro area only)

Kingfisher Systems, Inc. (Kingfisher) specializes in providing a full range of Information Technology, Cybersecurity, Intelligence, and support services to the U.S. Government. Kingfisher's core competency is technology-enabled services with a specific focus on national security. Since 2005 Kingfisher has established itself as a recognized and trusted partner whose mission is safeguarding sensitive information, operations, and programs for our Federal customers and U.S. warfighters.

• Cybersecurity Specialist/Mid-Level defines designs and develops system requirements. Performs tradeoff analyses of performance, life-cycle cost, risk, productivity, and other system or program requirements. Assesses architecture and current hardware limitations; defines and designs system specifications, and evaluates input/output processes and working parameters for hardware/software compatibility. Coordinates design of subsystems and integration of total system. Defines system support requirements. Analyzes and resolves program support deficiencies.
  
  Conducts independent technical investigations in systems design. Evaluates vendor capabilities to provide required products or services. Government customer information systems are considered in one of three states of System Authorization:
  Initial Authorization, Reauthorization, or Continuous Monitoring Assessment (CMA), also known as ongoing authorization. The Cybersecurity Specialist/Mid-Level must conduct comprehensive security assessments to yield a clear understanding of security status and risk to operations and executing the mission.
• Review the customer s System Authorization process as defined in the current customer Security Authorization and Continuous Monitoring Performance Guide and associated templates and provide recommendations for updates to create a draft Assessment Package for approval.
• Review the existing information system s core documentation, including privacy requirements data to support the development of security assessment plans, to include level of rigor (depth and breadth), and schedules support authority decision anniversary dates.
• Ensure the accuracy of the system inventory, categorization, plan of action and milestones (POA&Ms), and other technology and technology types within the authorization boundary.
• Validate system support services (vulnerability scanning and security monitoring technology) and personnel roles, including but not limited to:
  Authorization Official and Authorization Official Designated Representative;
  System Owner;
  Information System Security Officer;
  Privacy Officer;
  Application/System Administrator;
  Common Controls Provider (CCP); or Cloud Service Provider (CSP).
• FedRAMP access to packages will be approved (as required) to ensure the accuracy of information and notification of the assessment schedule.
• Review and establish an Annual Assessment Schedule in support of deliverables and artifacts.
• Develop the required Security Assessment Plans (SAP) and Security Assessment Reports (SAR) to be compliant with the latest revisions of NIST SP 800-53A, NIST SP 800-37, and related guidance. SAPs must detail the assessment scope with clarity, including scope exclusions, controls being assessed, assessment methods, sampling, statements, notional schedule, staff, inventory of targeted system endpoints/components, software, processes, and status of accounts for system-specific, hybrid, and inherited controls.
• Develop Security Assessment Motives in the CSAM to support controls selection commensurate to approved SAP.
• Adhere to the approved SAP while conducting authorized security assessments. Collect and catalogue evidence of security controls assessment findings (documents, screen captures, interview notes) to support claims of control implementation status.
• Develop SAR in accordance with the SAP scope. SAR must detail assessment findings with supporting evidence.
• Develop and update system qualitative risk assessment reports (RAR) compliant with NIST SP 800-30.
• Develop a Recommendation Report and draft a Plan of Action and Milestones in CSAM. The Recommendation Report must detail findings, applicable actions, and remediation or compensating measures to reduce risk.
• Develop a Security Assessment Executive Summary including documents for a presentation, providing summary of activities, findings, risks, and recommendations. The Executive Summary should include methods of data collection, reporting applications and tool suites, and processes in plain language with visuals where appropriate.
• Provide an Executive Summary Briefing at the customer site or hosted virtually, as determined by the COR. Final artifacts supporting assessment activities shall be uploaded in CSAM as designated by the COR.
• Ensure all written and published media is relevant to topic and provided in plain language with correct grammar and spelling.

• Highly skilled in…