---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Certification & Accreditation Engineer
Location: Washington DC, District of Columbia, United States
Type: Permanent F/T
Closing Date: 2008-02-25
We are seeking a mid level C&A (Certification and Accreditation) Analyst for a
favored gov client located in Herndon , VA. Candidate should have experience
with NIST. Will be writing policies and procedures for Govt. customer.
JOB REQUIREMENTS
---------------------------------------------------
Tasks:
1. Conduct a comprehensive security test and evaluation of clients
systems, guided by the IT Security Program Policy and Minimum Implementation
Standards (June 30, 2005) of the U.S. Department of Commerce and NIST Special
Publications 800-26 “Security Self-Assessment Guide for Information
Technology Systems”, 800-42 “Guideline on Network Security
Testing” and 800-53 “Recommended Security Controls for Federal
Information Systems”. The contractor will propose and perform the ST&E in
accordance with the NIST guidance referenced above.
2. Review system documentation to develop test requirements, test
scenarios, and test scripts.
3. Create a rules of engagement document to provide to client to identify
what will occur during Penetration testing.
4. Conduct testing and document/review defects. Execute all test scripts
according to plan.
5. Produce Test Analysis Report. Clearly and concisely document results
of the test, including defects resolved, under contention, and those still
open. Review all defects with the development team and client representative.
6. Provide recommendations and Plan of Action and Milestones (POAM’s)
for those items identified as a result of the security testing.
7. Document the Risk Assessment based on the results of the ST&E.
8. Provide expert technical assistance in support of active and planned IT
Security programs. Products and delivery dates resulting from this task will
be specified in the task plan and may include:
· Certification and Accreditation (C&A)
· Analyses
· Reports
· Recommendations
· White Papers
Deliverables:
1. Documented ST&E & Penetration testing plans for clients systems
2. Documented ST&E & Penetration testing Results.
3. Documented Security Controls in accordance with
NIST SP 800-53.
4. Documented Risk Assessment in accordance with NIST
SP 800-300.
5. Documented POAM’s to mitigate risks identified from ST&E.
6. Bi-weekly progress reports provided to client
CONTACT
---------------------------------------------------
Email your updated resume, salary requirements and professional references to
careers@intrudetect.com with C&A Security Engineer (Washington DC) in the
subject line.
Intrudetect, Inc. is an EEO Employer http://intrudetect.com
Intrudetect, Inc.
Sini Vlaisavljevic
CISO
sini@intrudetect.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
