Security Specialist - Risk Management Framework with Security Clearance
Sphinx, 145000.00 US Dollar (USD) per annum
2024-11-07 10:41:53
Burke, Virginia, United States
Job type: fulltime
Job industry: I.T. & Communications
Job description
Security Specialist - Risk Management Framework
Full Time
Springfield, VA, US
SS-RMF
About Sphinx
Sphinx is a full spectrum security and intelligence company established by a group of like-minded Veterans. We are passionate about supporting our clients' missions and ensuring they are prepared to address the modern threat environment. Sphinx provides services to an array of clients within the US Intelligence Community, Department of Defense, Cleared Defense Contracting, Defense Industrial Base, and Private Sector. We are comprised of 90% Veteran staff and pride ourselves on maintaining a close-knit and collaborative work environment. Sphinx prioritizes the wellbeing of our personnel, and we are dedicated to helping you achieve your personal goals. We offer a competitive benefits package that includes a 401K with corporate match and paid health, vision, dental, and other insurance options. Sphinx also offers a variety of incentives and opportunities to support the development and growth of our personnel.
Security Specialist - Risk Management Framework
Clearance: Must currently possess an active TS/SCI security clearance and be able to obtain a CI polygraph after hire (if not before)
Location: Springfield, VA
Salary Range: $85,000 - $145,000
Experience: Must have 7+ years of experience implementing Risk Management Framework best practices.
Description: Sphinx Security Specialists support the implementation of Risk Management Framework best practices on the customer's mission-critical systems.
Responsibilities
- Prepare Assessment & Authorization (A&A) security documentation for the background investigation support system(s), to include CONOPS, Security Test Plan (STP), hardware/software list, network/data flow diagrams, standard operating procedures, policies, Privacy Threshold Analysis (PTA), Memorandum of Understanding (MOU), Interconnection Service Agreement (ISA), Contingency Plan, and topological drawings to illustrate the interconnection between the systems and/or networks.
- Ensure data sensitivity through the coordination and use of multiple security countermeasures; protecting the integrity of the enterprise's information assets is an overarching goal, in addition to ensuring that data sensitivity is enforced.
- Document, manage, and control the integrity of changes to all systems security documentation, including standard operating procedures and user guides that provide detailed instructions for implementing IT systems security policies.
- Assist in the selection of minimum-security controls to establish a baseline of measures to prevent security breaches of the information system, document the selected security controls in the security plan and initial Risk Assessment Report (RAR), and document an approved continuous monitoring strategy.
- Document the security control implementation, as appropriate, in the security plan, providing a functional description of the control implementation (including planned inputs, expected behavior, and expected outputs).
- Maintain awareness of other customer tools and how they might be incorporated into the customer's business processes.
- Conduct security testing and verify which security controls are implemented correctly, operating as intended, and producing the desired outcome in meeting security requirements.
- Conduct remedial actions on security controls based on the findings and recommendations of the Security Assessment Report and reassess remediated control(s), as appropriate.
- Review vulnerability scans and ensure the accountable parties have responded appropriately to vulnerability findings, troubleshoot security threats and vulnerabilities in response to incident reports, and identify/isolate problem sources; and recommend solutions or corrective actions.
- Monitor and analyze systems logs daily to identify systems security trends and assess the security effectiveness of installed systems based on analysis of reported security problems.
- Formal security policy and procedures ensure that investigation operations follow accreditation standards using Intelligence Community Directive (ICD) 503 and RMF, with a categorization of High Confidentiality, High Integrity, and Moderate Availability. The contractor is expected to protect the systems by implementing security controls that protect against malicious behavior, including intrusion, tampering, and viruses, between the two systems.
- Ensure that the security categorization of High Confidentiality, High Integrity, and Moderate Availability, based on the information types, is followed.
- As part of the monthly report, conduct vulnerability scans bi-weekly and Security Technical Implementation Guide (STIG) system scans every three months, and provide the results of the scans.
Required Qualifications
- Must currently possess an active TS/SCI security clearance and be able to obtain a CI polygraph after hire (if not already held)
- Must be a self-motivated, disciplined, and mature professional capable of operating with little tasking and oversight
- Must be capable of operating within a diverse environment and comfortable operating with limited guidance and oversight; maturity and self-motivation are required.
- Bachelor's Degree or equivalent experience in a related field.
- CompTIA Security+ or CISSP certification.
- 7+ years' experience.
Benefits:
• 401(k)
• 401(k) matching
• Dental insurance
• Flexible schedule
• Health insurance
• Health Savings Account (HSA)
• Life insurance
• Paid time off
• Parental leave
• Professional development assistance
• Referral program
• Retirement plan
• Vision insurance