• Conduct security assessments of system security plans to help ensure that plans provide security controls for information systems that meet stated security requirements.
• Conduct comprehensive assessments of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls.
• Ensure compliance of security configurations for IT systems and aid in providing clear and concise processes and procedures for the implementation and enforcement of system security configurations.
• Support the risk management process by helping to determine and assign risk impact ratings in accordance with Information Assurance for Information Security Officers (ISSO) standards guidelines and methodologies and by aiding in the development and maintenance of Plans of Action and Milestones (POA&Ms) for IT systems identified in the Risk Management Framework (RMF) process and annual security assessments of IT systems.
• Provide assessments of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities and prepare the security assessment reports containing the results and findings from system security assessments.
• Multi-task capability, handling multiple projects and serves as advisor for other application development staff to ensure ISSO standards are adhered. Serves as primary contact and technical advisor to clients and application developers to provide established ISSO standards during and post software development lifecycle and project management lifecycle.
• Possess extensive knowledge of the US Government Information Assurance Security Processes.
• Familiarity with the Security Technical Implementation Guide (STIG) and Security Readiness Review (SRR) is desired.
• Knowledge of Information Assurance policies and procedures, and processes are also desired.
• Prefer to have hands on experience and at least one of the following professional certifications: Security+, CISSP, CISA, GSEC, or GSLC & OS Certificates.

• Familiarity with FISMA processes, NIST guidance, and experience writing security controls.
• A minimum of 6 years of relevant/relatable experience is desired.

• Secret

About HN Consulting

HN Consulting LLC is a Small Disadvantaged Business (SDB) and a Virginia certified Small, Women, and Minority-owned business (SWaM). HN Consulting is a process- and value-driven consulting and information technology management company.

 

HN Consulting is an Equal Opportunity/Affirmative Action employer. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age (40 or over), or genetic information. HN Consulting's commitment to diversity and inclusive selection practices includes ensuring qualified long-term unemployed job seekers receive equal consideration for employment.