K2Share serves to make a national impact through the training, information assurance, and secure hosting solutions services we provide to our clients. We provide amazing opportunities for people not only seeking to kick-start their career, but also a growth-oriented company to call home. Our team of fun, dedicated, and creative employees come together to form a work-hard and have-fun environment full of company events, camaraderie, and celebrated successes. K2Share highly values a work-life balance and provides a great benefits package and development opportunities to help you succeed in your personal and professional goals. For the past 14 years, K2Share has been recognized as one of the Best Companies to Work for in Texas.
Duties: This position will serve as the technical lead for security control assessments conducted in support of a Cybersecurity Risk Management Framework (CRMF) Program at a large federal agency. This encompasses developing, managing and maintaining the assessment schedule, assigning assessors based upon skill set and experience, performing independent security control assessments (including interviews, examinations, and testing) and risk assessments for agency’s information systems, providing remediation recommendations, and providing recommendations to the Department’s Chief Information Security Officer (CISO). As well as, coordinating with the Security Operations Center (SOC) to develop, publish, and maintain system security status and risk information as a critical component of CRMF.
Act as client point-of-contact and on-site technical team lead in support of this effort
Develop, manage, and maintain the Security Control Assessment (SCA) schedule; assign assessors to scheduled systems based upon system categorization and assessor skill set and experience
Conduct quality control reviews of all security reports and documentation prior to delivery to government client; track, report and take action to remediate any trends identified in quality control reviews.
Track and report compliance with assessment service level agreements
Develop new and enhance existing processes, procedures, guidance, templates and reports for security assessment, continuous monitoring, and on-going authorization
Methodically and proactively analyze problems and identify solutions as required to identify and mitigate risk to the customer and customer systems
Assist customers with identifying, defining and implementing cybersecurity strategies, policies, and tactics, techniques and procedures
Support the development, revision, and maintenance of cybersecurity policies, processes, procedures, guidance, and templates
Conduct Security Control Assessments (SCAs) in accordance with NIST guidelines and approved assessment SOP
Render reports, summaries, training materials, and formal presentations which are concise and accurate
Provide briefings to client executive officers and management
Support the planning and implementation of customer governance forums and workshops including coordination, meeting, and logistics support and participate in forums/workshops as required
Act within identified guidelines, standards, and policies
Ensure knowledge transfer with federal employees
Assist in training and mentor less experienced security staff
Requires occasional work outside of normal business hours and 10-15% travel
Knowledge, Skills, and Abilities: The ideal candidate will have a solid understanding of information assurance practices and procedures, including the following skills:
10 years experience with at least 7-10 years of experience in the information security field
One of the following certifications: (ISC)2 Certified Information Systems Security Professional (CISSP), ISACA Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH)
Experience documenting, implementing, and assessing cybersecurity controls using NIST SP 800-53 Revision 4 and FISMA requirements/guidance
Capable of assessing and developing Security Assessment and Authorization (A&A) security documentation, as well as creating actionable Plan of Actions and Milestones (POA&Ms)
Proficiency conducting Security Control Assessments (SCAs) in accordance with NIST SP 800-53/53A Revision 4 guidelines
Demonstrated fluency with the use of current technologies used for technical security control reviews (i.e. Tenable Nessus software, HP WebInspect, HP Fortify, etc.)
Experience with translating vulnerability scan results into findings aligned to NIST SP 800-53 Revision 4 security controls
Experience researching, publishing and maintaining continuous monitoring metrics and data relevant to customer cybersecurity risk posture and RMF implementation
Must hold current or be eligible to obtain Federal Security Clearance at Secret or higher level
Strong organizational and communication skills and ability to work in a multi-disciplinary team setting of subject matter experts, vendors, subcontractors, and clients
Ability to write clear and concise memos and documentation
Proficient with Microsoft Office products
Experience using CSAM workflow and modules to conduct control assessments and report results
PMI Project Management Professional (PMP) certification
Education: Bachelor's degree in relevant fields; or equivalent relevant work experience
Work Environment: This job operates in a well-lit and temperature-controlled office environment.
Physical Demands: The physical demands listed below are required to perform essential functions of this job. Reasonable accommodations can be made to help individuals with disabilities to perform essential job functions.
An employee in this role must be able to remain in a stationary position 75% of the time and will occasionally need to move about inside the office. This position requires the constant operation of a computer. The employee must be able to frequently communicate and exchange accurate information with clients.
Compensation:Commensurate with experience
What K2Share Offers You:
18 paid time off days (the number of days increases with length of service at K2Share)
10 paid holidays annually
Comprehensive health benefits for employees and their family
Medical, dental, and vision premiums covered up to 100% by K2Share
Flexible spending accounts for dependent and medical care
Health savings account
Life, AD&D, and disability insurance
401(k) plan with employer matching contributions
Flexibility for those needing time off for jury duty, voting, military leave, etc.
Wellness reimbursement program (includes fitness reimbursement program)
Technical training and certifications as required
Any of our CareerSafe Online training courses for free to employee and immediate family
Work Location: Downtown Washington, DC, at Potomac Center Plaza (550 12th St SW). Location is only two blocks from Smithsonian Metro (Blue/Orange/Silver) and L’Enfant Metro (Green/Yellow) stations, as well as just three blocks VRE stop (L’Enfant) and the slug line.
You must be a United States citizen, be willing to take a drug test as part of the selection process and submit to a credit and background investigation as part of the selection process.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information, including criminal background investigation and good credit history.
The US Government restricts access by Foreign Nationals to certain types of technology and technical data. Consequently, this posting is intended only for US citizens.
K2Share, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, or protected Veteran status. K2Share offers a great work environment, challenging career opportunities, professional training, and competitive compensation.