SME - Information System Security Manager - Steampunk
McLean, VA 22102
About the Job
Steampunk is seeking a Subject Matter Expert (SME) Information System Security Manager to support our Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA) clients. CISA leads the national effort to understand, manage, and reduce risk to critical infrastructure. CISA is charged with leading the Nation's strategic and unified work to assure the security and resilience of the nation's cyber systems, protecting the American way of life.
Contributions:
- Responsible for leading teams in the RMF assessment, authorization, and monitoring steps for CISA systems following NIST and IDD 503 standards and best practices.
- Maintain ongoing knowledge of Federal policies and practices related to cybersecurity.
- Possess excellent verbal and written communication skills.
- Have knowledge, skills, abilities, and experience with common assessment and authorization (A&A) application platforms (e.g. eMASS, CSAM, Xacta is preferred) for performing tasks, as well as strong architecture, network, and infrastructure security expertise.
- Strong next gen security expertise (agile/hybrid agile, cloud).
- Maintaining an asset inventory of hardware and software within the program/development offices or field site facility;
- Ensuring that security requirements for the assigned major application or general support system are being or shall be met;
- Ensuring that requests for Security Authorization (SA, also commonly referred to as Assessment & Authorization or Certification and Accreditation) of assigned major application or general support systems are completed in accordance with the published procedures;
- Coordinating the development of a Contingency Plan and ensuring that the plan is tested and maintained;
- Ensuring risk analyses are completed to determine cost-effective and essential safeguards in alignment with government and industry best practice (e.g. NIST 800-30, 37, 39);
- Ensuring preparation of security plans for sensitive systems and networks.
- Reporting IT security incidents (including computer viruses) in accordance with established procedures.
- Reporting security incidents not involving IT resources to the appropriate security office; and representing the security team as part of change management for assigned information systems.
Qualifications:
- Active TS security clearance
- 10+ years of proven experience performing security controls assessments.
- Bachelor’s degree.
- Extensive experience working with various security methodologies and processes, compliance controls related to cloud security, and performing assessments in cloud computing environments.
- Extensive experience providing analysis and trending of vulnerability data from many heterogeneous devices.
- Possess expert knowledge in risk and vulnerability management.
- Familiarity with one or more of DHS Directive 4300A, FIPS Pubs 199 & 200, and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, 800-60
- Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring
- Experience with POA&M management and GRC tools
- Ability to perform Security Authorization and Risk Analysis and Assessment
Steampunk is a Change Agent in the Federal contracting industry, bringing new thinking to clients in the Homeland, Federal Civilian, Health and DoD sectors. Through our Human-Centered delivery methodology, we are fundamentally changing the expectations our Federal clients have for true shared accountability in solving their toughest mission challenges. As an employee-owned company, we focus on investing in our employees to enable them to do the greatest work of their careers – and rewarding them for outstanding contributions to our growth. If you want to learn more about our story, visit http://www.steampunk.com.
We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Steampunk participates in the E-Verify program.