Lead IA Security Specialist

The IA/Security specialist will lead the Security Technical Implementation support to the DISA Global Force Management (GFM) Program Management Office (PMO) that supports system availability, stability, and interoperability of JPES and JCRM.

• Implement RMF in accordance with National Institute of Science & Technology (NIST) 800-37 and shall assess the system IAW NIST 800-53A.
• Create and keep updated in the Enterprise Mission Assurance Support Service (eMASS), POA&Ms for each non-compliant control that cannot be remediated.
• Document the security control implementation, including status and artifacts in the RMF version of eMASS.
• Register any deviation from STIG Compliance in eMASS as a non-compliant security control. If the contractor cannot correct the non-compliance within the timeframe set by the Government’s Vulnerability Management Policy, the Contractor shall submit a POA&M for correcting the non-compliant security control in eMASS, or the contractor shall submit an Authorizing Official (AO) risk acceptance request within eMASS for non- compliant security controls that the Government agrees cannot be remediated within reasonable costs and time.
• Use the most up-to-date, relevant, and agreed-upon Security Technical Implementation Guides (STIGs), conduct a full self-assessment at least twice a calendar year, and perform incremental self-assessments continuously.
• Submit a Self-Assessment Plan. Approval from the Government Information System Security Manager (ISSM) and Security Control Assessor Representative must be attained before implementation. The plan shall include the STIGs that will be used, STIG version number, accreditation boundary, system software and hardware, and any security software that will be used (i.e., Fortify, Assured Compliance Assessment Solution.
• Deliver a full Self-Assessment Report to the Government, which includes all information from the Self-Assessment plan in addition to the number of CAT I, CAT II, and CAT II STIG and IAVM findings for each system component.
• Deliver Self-Assessment Results in the form of STIG Viewer checklist files. Within the checklist files, the Contractor shall document the compliance status for all STIG checks and an explanation for how and why the STIG check is compliant, non-compliant, or not applicable. For code-related findings, the Self-Assessment Results shall indicate where in the code the issue was discovered.
• Provide a prioritized list of POA&Ms with recommended milestones, mitigations, and comments to the Government.

Required:

• BA/BS degree in an Engineering discipline. An additional four years of experience in lieu of a degree is acceptable.
• At least 10 years of experience in cybersecurity
• Secret Clearance

Integral partners with federal defense, intelligence, and civilian leaders to tackle their most important challenges and deliver positive outcomes. Since our founding in 1998, we have helped clients leverage existing and emerging technologies to transform their enterprises, empower growth, drive innovation, and build sustainable success. The forward-leaning solutions we deliver are tailored to each mission with a focus on keeping our nation safe and secure.

Integral is headquartered in McLean, VA and serves clients throughout the country.

We offer a comprehensive total rewards package including paid parental leave and immediate vesting in our 401(k). Give us a try and become part of a curated group of professionals at Integral Federal!

Our package also includes:

· Medical, Dental & Vision Insurance

· Flexible Spending Accounts

· Short-Term and Long-Term Disability Insurance

· Life Insurance

· Paid Time Off & Holidays

· Earned Bonuses & Awards

· Professional Training Reimbursement

· Paid Parking

· Employee Assistance Program

Equal Opportunity Employer/Protected Veteran/Disability