Company Overview:
TestPros is a successful and growing business, established in 1988 to provide Information Technology (IT) technical support services to a wide range of Commercial and U.S. Federal, State, and Local Government customers. Our capabilities include Program Management, Program Oversight, Process Audit, Cyber Security, Zero Trust, Resiliency, CMMC and NIST SP 800-171 Assessment and Compliance, Computer Forensics, Software Assurance, Governance Risk Management and Compliance (GRC), Privacy, Software Testing, Test Automation, Customer Experience (CX), Section 508 and WCAG Accessibility Assessment, Usability, Localization Testing, Independent Verification and Validation (IV&V), Quality Assurance (QA), Intelligence Analysis, and Research and Development (R&D) services.
TestPros delivers innovative independent IT assessment solutions to critical challenges facing the nation and the world. We support the U.S. Federal Government and Commercial clients within the continental USA. TestPros is dedicated to making lives better, safer and more secure.
Job Description
TestPros is looking for a cybersecurity professional to manage the Risk Management Framework (RMF) process and review / update the Authority to Operate (ATO) and Authority to Connect (ATC) approval packages. You will perform as the primary security advisor on multiple systems. At least 4 years of experience, a DoD Secret clearance, and possession of an IAT II certification is required.
Location: Hybrid: Tampa, FL (MacDill Air Force Base) and remote (on-site 4 to 5 days a week for the first couple of months, then transitioned to 2 days a week).
Citizenship: U.S. citizenship is required
Clearance: Active DoD Secret clearance
The ideal candidate will:
- Provide solutions and recommendations to remedy security vulnerabilities, threats, to ultimately improve the protection of IT resources and to execute the MacDill AFB mission.
- Provide guidance to other assessors on the policies and procedures of the job.
- Provide detailed assessment findings using Government-specified processes and procedures.
- Utilize assessment results to identify trends and to improve IA training, policies and processes.
- Utilize the RMF methodology to successfully implement an information technology process which shall effectively protect the element's information assets and its ability to perform its mission to include but not limited to Configuration Management.
- Utilize RMF tools such as (but not all encompassing) Enterprise Mission Assurance Support Service (eMASS), SNAP, Information Technology Investment Portfolio System (ITIPS), and Grid Interconnection Approval Process (GIAP) system.
Responsibilities
- Conduct comprehensive IT security control assessments on systems identified within the scope of the contract.
- Provide an assessment on the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions and or controls to address identified vulnerabilities.
- Review the System Security Plan (SSP), prior to initiating the security control assessment and ensure the plan provides a set of security controls for the information system that meet the stated security requirements.
- Advise the ISSM concerning impact values for confidentiality, integrity, and availability for the information on a system.
- Evaluate threats and vulnerabilities to information systems to ascertain the need for additional safeguards and controls to mitigate vulnerabilities.
- Review and approve the information system security assessment plan, which is comprised of the SSP, the Security Controls Traceability Matrix (SCTM), and the Security Control Assessment Procedures.
- Ensure security control assessments are completed for each information system and ensure controls are working as intended and these controls protect the confidentiality, integrity and availability of IT resources at the appropriate levels.
- Prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment at the conclusion of each security control assessment activity.
- For each completed site visit, provide a visit report.
- Support compliance with RMF controls to include, as necessary, development of Plans of Action and Milestones (POA&Ms) and mitigation of control deficiencies.
- Evaluate security control assessment documentation and provide written recommendations for security authorization to the AO.
- Assemble and submit the security authorization artifacts to the AO (consisting of, at a minimum, the SSP, the SAR, the POA&M, and a Risk Assessment Report (RAR).
- Assess the proposed changes to information systems, their environment of operation, and mission needs to determine if they are security-relevant and could therefore affect system authorization.
- Use Security controls defined by the AO and lead ISSM.
Qualifications and Skills
- U.S. Citizenship.
- 4-8 years of experience.
- DoD Secret clearance
- Bachelor’s Degree or equivalent work experience is highly preferred.
- Excellent listening skills, effective and efficient oral and written communication skills.
- Strong written, verbal communication and presentation skills – no exceptions! Ability to speak at group events, and to interface with customers.
- Solid time management, planning, organizational communication skills, and ability to scope prospective engagements, develop proposals and project plans.
- Possession of one of these IAT II (or other) certifications:
- CCNA Security
- CySA+ **
- GICSP
- GSEC
- Security+ CE
CND - SSCP
Benefits
TestPros offers a competitive salary, medical/dental/vision insurance, disability insurance, life insurance, paid time off, paid holidays, 401(k) retirement plan with company match, opportunities for professional growth, cell phone discounts, and much more! All benefits are per TestPros current policies and are subject to change without notice. Benefits are available to full-time employees.
TestPros, Inc. is an Equal Opportunity Employer.
EEO Statement
All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation, gender identity, marital status, age, national origin, or protected veteran status.