By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.

• Provide technical leadership and support to an RMF 4 Independent Assessment Team which is responsible for providing technical and programmatic Information Assurance Services to internal and external customers in support of network and information security systems.
• Responsible for ensuring that all system deliverables comply with Information Assurance policy, specifically NIST 800-53, Information Assurance Implementation.
• The team is responsible for providing technical leadership in designing and implementing sound test strategies and plans associated with platform development, infrastructure management and implementations in order to identify risks and increase efficiencies.
• Duties will include (but are note limited to):
  
  • Based on OMB, NIST, and client specific guidance, process and related documentation, the team will develop and submit Security Authorization Packages.
  • Brief review findings with system owners and ISSOs (optional). At that time, the system owner will have a chance to discuss findings for clarification and/or correction.
  • Make recommendations to correct RMF documentation and process deficiencies discovered while conducting reviews of completed or closed POA&M and RMF Packages.
  • Assess vulnerabilities of the client systems.
  • Define system security requirements in accordance with applicable IA requirements.
  • Ensure that the implementation of security designs properly mitigate identified threats.
  • Provide input to Assessment Process activities and assist in updating/creating relevant SOP's.
  • Manage the Assessment Process for systems assigned to the team.

• Bachelor’s degree and 10 years of experience or equivalent experience in lieu of a degree.
• Certified Information Systems Security Professional (CISSP) or ability to obtain within 6 months; or Certified Authorization Professional (CAP) or ability to obtain within 9 months
• Ability to manage and mentor an assessment team.
• Exceptional verbal and written communication skills including briefings and debriefings of client personnel including Information System Security Officers (ISSO), System Owners and Chief Information Security Officer (CISO)
• Thorough knowledge of, and experience with, the NIST 800 series publications to include: 800-30, 800-37, 800-53, and 800-53a.
• Previous experience creating all necessary Assessment and Authorization documentation. Experience should clearly be defined in resume.
• Ability to manage team members handling authorization packages for multiple systems of different size and complexity.
• Experience should be outlined in resume.
• Experience conducting security scans and developing findings
• Less than 10% travel to local customer sites in Washington DC for Customer Meetings

• Proficiency evaluating and analyzing results from the following set of tools, to include but not limited to Xacta, Nessus Pro and Security Center (SCCV), and Oracle

• Clearance Level (Required to Start): Secret (or Interim Secret)