Senior Security Architect- 100% Remote

DUTIES/RESPONSIBILITIES

• Using automated tools, identify the presence and use of any unapproved technology components in the common operating environment to ensure compliance with the client's enterprise architecture and applicable reference models.
• Work closely with the client's Audit Team to identify areas for process improvement.
• Understand and incorporate lessons learned from internal and external audits across the enterprise's portfolio of IT systems by working closely with the client1s Audit Team.
• Validate results of control testing conducted by Information System Security Officers (ISSO) in support of annual self-­ assessment requirements for IT systems within the required testing frequencies as part of the Continuous Monitoring Program.
• Review artifacts submitted as evidence of control testing results as a part of the self-assessment testing conducted by the ISSOs to validate reported test results.
• Review, validate, and track false positives in scan results reported by the ISSOs to provide assurance that IT system operation meets specified security control implementation requirements as specified in the NIST SPB00-53 and supporting DHS guidance.
• Review documentation submitted in support of requesting a waiver for compliance with specified security requirements per the NIST SP 800-53, and provide recommendations to the client for approval and acceptance of associated risk.
• Review and assess system changes to determine the level of independent security assessment required in support of the Security Impact Analysis process for the enterprise portfolio of systems.
• Coordinate with the SCA team on testing of common controls, the client's RMIC Group for A-123 and external assessments, as well as the schedule for testing applications due to major changes.
• Perform quality assurance reviews of security documentation as needed to ensure content meets the intended requirements and is suitable to determine the security posture and associated risk of an IT system.

REQUIRED SKILLS/ABILITIES

• Bachelor's Degree in Information Technology or related field.
• Minimum of 8 years of experience evaluating IT systems using NIST SP 800-53 in the federal government.
• Previous experience supporting Department of Homeland Security federal clients preferred.
• Previous experience using one or more of the following tools: tenable.io, Nexus IQ Server, Splunk Enterprise v 7.3 and higher, DoJ CSAM.
• Working knowledge of the NIST SP 800-37 Risk Management Framework.
• In-depth knowledge of the NIST SP 800-53 and direct experience applying the NIST SP 800-53 to document and evaluate IT system compliance with specified control requirements.
• Previous experience as an IT Project Manager and/or possess the necessary IT background to accurately assess system changes and categorize them as major versus minor changes.
• Demonstrates the ability to assess overall risk to an IT system and the data it stores, processes, or transmits, based on the type of IT system changes being implemented.
• Works well independently and possesses a solid understanding of cyber security concepts.
• Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
• Ability to clearly communicate complex technical concepts to Information Technology Project Managers, Database Administrator s, Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners.
• Must be a US Citizen with suitable eligibility for the Public Trust position.

CERTIFICATION REQUIREMENTS

• CISA, CISM, and/ or CISSP preferred, but not required.