Security Assessor

3 weeks ago


Washington, United States Swingtech Full time
Job Description

Location: Washington DC (onsite four days a week with one telework day)

Shall work eight (8) hours a day anytime between 6:00 AM and 6:00 PM ET, Monday through Friday

About Swingtech Consulting, Inc.

Swingtech Consulting, Inc. provides technology and management consulting services for the federal, state, and local government. Our team is comprised of skilled, certified consultants that help clients achieve success with effective, created, and rapidly executed solutions. We are rapidly growing and are always looking for intelligent and motivated people to join our team.

Swingtech is currently looking to fill a Security Assessor role in the Washington DC area. This position is currently remote, but the right candidate must be flexible and willing to also work in office.

Primary Responsibilities:

  • Support the development and review of architectural specifications and documents for IT security;
  • Support the review of IT security program plans, Agency security directives, policies and procedures, and IT security templates including Information Technology Policy;
  • IT Security Program Evaluation Reports. Support the evaluation of the effectiveness of the implementation of agency IT security policies, and procedures using a Capability Maturity Model (CMM) based framework;
  • The Vendor shall assist in security assessment activities at all phases of the SDLC. This includes conducting market research that supports agency’s technical evaluation of software, hardware devices, applications or services.
  • For new agency information systems, and in the case of major modifications to certified systems, the Vendor shall be the independent security assessor as defined in NIST and OMB guidance.
  • For each information system, at a minimum, the Vendor shall plan and conduct a security assessment in compliance with NIST SP 800-37 “Guide to Applying the Risk Management Framework to Federal Information Systems” and NIST SP 800-53a “Guide for Assessing the Security Controls in Federal Information Systems and Organizations, Building Effective Security Assessment Plans”, deliver a security assessment report and assist with recommendations to correct weaknesses and deficiencies identified in the Plan of Action and Milestones (POA&M).
  • The SA shall conduct ongoing security control assessments; monitoring and evaluation of configuration settings; status reporting on the implementation of remediation plans in the system POA&M; and an annual assessment of security controls selected on the basis of a risk analysis of the operating environment and the current threat(s).
    • Ongoing Authorization of FISMA-reportable systems includes the following:
      • Assessment Plan. On an annual basis, prepare an assessment plan which complies with NIST SP 800-37 guidance.
      • Control Assessment. Using the plan, assess a selected subset of the technical, management and operational security controls employed within and inherited by information systems.
      • Remediation Activities. Monitor remediation activities, review and approve completed remediation actions and assess risk of outstanding items in system POA&Ms and generate a monthly status report.
  • Support reviews of the agency’s record management practices
  • Vulnerability Scanning. Conduct monthly and ad-hoc vulnerability scans of systems.
  • Employ agency supplied automated tools to gather data needed to conduct real-time assessments and analysis of detected security events
  • Develop templates as needed
  • Develop and maintain a comprehensive project plan (roadmap) that at a minimum identifies the tasks to be accomplished in the course of completing the requirements, defines project staff roles/responsibilities, and provides a detailed timeline for completion of tasks. The project plan shall include at a minimum the following:
      • Milestones and dates for completion of each deliverable per system
      • Gantt chart for project plan showing milestones and dates for completion of each deliverable per system
      • Resources assigned to each system on project plan

Knowledge Skills & Abilities:

  • BS/BA in Computer Science, Information Systems, Software Engineering or other related analytical, scientific or technical discipline.
  • CISSP Certification highly preferred.
  • Five (5) years of experience in performing ISSO role and duties in support of the Federal Government.
  • Knowledge of Federal Government SA&A practices and policies, particularly FISMA and NIST Special Publications 800 series.
  • Ability to work independently and also collaborate with application developers, engineers and others.
  • Must be motivated and results oriented.
  • Effective written and oral communication skills.
  • Must be a US Citizen (since this is for a federal project).

Industry Certification(s):

  • At least one (1) of the following: CISSP, GIAC, CEH, TNCP, Security+, Network+ etc.

Summary of Benefits

  • 15 PTO days
  • 11 paid holidays
  • Medical Insurance with 3 options (HSA with $600 Employer Contribution).
  • Dental Insurance with no age limit orthodonture.
  • Vision Insurance through EyeMed in and out of network coverage.
  • Short Term and Long-Term Disability coverage with 100% premium support
  • Life insurance and AD&D with 100% premium support
  • Supplemental Life Insurance
  • Critical Care and Accident Insurance availability
  • Pet Insurance through Nationwide
  • Employee Assistance Program
  • 401k with enrollment from day one. 4% deferral by company.
  • $1500 Annual Training Budget
  • $1500 Referral bonus
  • Eligibility for annual merit and discretionary bonus
  • Flexible work arrangements

Equal Opportunity Employer Minority/Female/Veterans/Disabled
