Conduct full security and privacy control assessments covering 100 percent of the System Security Plan (SSP) identified controls.
Ensure all assessment activities comply with FISMA, the Privacy Act, FIPS 200, NIST publications (specifically the NIST 800 Series), and DOC/NOAA cybersecurity mandates.
Develop, review, and evaluate essential security assessment outputs, including a Security Assessment Plan (SAP), Security Requirements Traceability Matrix (SRTM), Penetration Testing Report (PTR), Security Assessment Report (SAR), Risk Assessment Report (RAR), and Assessment Findings Report (AFR).
Evaluate technical vulnerabilities, vulnerability scan results, and penetration test findings to translate them into actionable business risks. Evaluate Plans of Action and Milestones (POA&M) for completeness and adequacy of closure evidence.
Conduct Assessment Results Briefings (ARB) to present findings, vulnerability risks, and ATO recommendations to Authorizing Officials (AO), Co-AOs, System Owners, and Information System Security Officers (ISSO).
Must be a U.S. Citizen.
Must have 5 years of demonstrated experience actively working with the NIST 800 Series.
Must have experience working with FIPS 200, FISMA, and the Privacy Act.
Must possess a working knowledge of risk management principles and the associated artifacts required by FISMA.
Must hold and maintain in good standing at least one of the following DOC-required professional cybersecurity certifications:
EC-C Certified Ethical Hacker (CEH)
GIAC Certified Incident Handler (GCIH)
GIAC Systems and Network Auditors (GSNA)
ISC2 Certified in Governance Risk and Compliance (CGRC)
ISC2 Certified Information System Security Professional (CISSP)
ISACA Certified Information System Auditor (CISA)
Experience using the Cyber Security Assessment and Management (CSAM) tool for tracking and reporting assessment packages.
Familiarity with Federal Risk and Authorization Management Program (FedRAMP) documentation and evaluating Cloud Service Providers (CSPs) like AWS or Azure.
Knowledge of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and analyzing automated vulnerability scanner results.
Prior experience handling, marking, and safely transmitting Controlled Unclassified Information (CUI).
Strong technical writing and presentation skills required to deliver clear Assessment Results Briefings (ARB) to high-level agency stakeholders.
Ability to demonstrate root cause analysis and troubleshooting skills during independent assessments.
About IBSS Corp.
Since 1992, IBSS, a woman-owned small business, has provided transformational consulting services to the Federal defense, civilian, and commercial sectors. Our services include cybersecurity and enterprise information technology, environmental science and engineering (including oceans, coasts, climate, and weather), and professional management services.
Our approach is to serve our employees by investing in their growth and development. As a result, our employees bring greater capabilities and provide exceptional service to our clients. In addition to creating career development opportunities for our employees, IBSS is passionate about giving back to the community and serving the environment. We strive to leave something better behind for the next generation.
We measure our success by the positive impact we have on our employees, clients, partners, and the communities we serve. Our tagline, Powered by Excellence, is a recognition of the employees that make up IBSS and ensures we deliver results with quality, applying industry best practices and certifications.
IBSS offers a competitive benefits package that includes medical, dental, vision, and prescription drug coverage with a company-paid deductible, paid time off, federal holidays, a matching 401K plan, tuition/professional development reimbursement, and Flex-Spending (FSA)/Dependent Care Account (DCA) options.
IBSS is an affirmative action and equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information. Click https://www.eeoc.gov/poster to see that the EEO is the law. Please direct any inquiries to the HR Department email at HR@ibsscorp.com.
If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please direct your inquiries to the Talent Acquisition department at Recruiting@ibsscorp.com
Headquartered in Silver Spring, MD, IBSS is a certified women-owned small business specializing in Cybersecurity and Enterprise IT Services; Oceans, Coasts, Climate, and Weather Services; and Professional Services. For more than 20 years, IBSS has been supporting federal and commercial customers. Our approach is to serve our employees by investing in their growth and development. As a result, our employees bring greater capabilities and provide an exceptional level of service to our clients. Our tagline, Powered by Excellence, is a recognition of the employees that make up IBSS and ensure we deliver results with quality, applying industry best practices and certifications. We apply our services, certified ISO 9001:2015, ISO 27001, ISO 20000, and CMMI, to deliver impactful consulting services to our clients.