Job Description :
We are GDIT. We support and secure some of the most complex government, defense, and intelligence projects across the country.
At GDIT, security management is not just a singular part of our mission it connects every one of us because it’s embedded into every aspect of what we do.
GDIT is your place. You make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity at GDIT, you are helping us ensure today is safe and tomorrow is smarter.
Our work depends on a Mid-Level Information Security Analyst joining our team to support the Department of State contract processing security Assessment & Authorization (A&A) tasks.
At GDIT, people are our differentiator. As a Mid-Level Information Security Analyst supporting the Department of State Diplomatic Technology (DT) program, you will be entrusted to assist in A&A efforts.
In this role, a typical day will include p roviding support to the DoS DT / ES / CCS IT Security Manager, Information System Security Officers (ISSOs);
responsible for new and existing systems, applications, and networks, both on-premise and / or within a Federal Risk and Authorization Management Program (FedRAMP) cloud.
Responsibilities Include :
- Escalation of project issues to the IT Security Manager, ISSOs and the Authorizing Official Designated Representative (AODR).
- Provides thorough Quality Assurance (QA) of all ATO documentation in the DT / CO / AA ArchAngel and Xacta chosen management tools.
- Reviews security controls in accordance with the NIST SP 800-53, Revision 4.
- Familiarity with the following DoS tools : ArchAngel, Xacta, iMatrix, and iPost
- Prepares and documents RMF Steps 1 through 3 activities in ArchAngel or Xacta tools. Activities include System Description, National Security System (NSS) Checklist, Business Impact Analysis (BIA), FIPS 199 and System Data Types (SDT), Hardware, Software, Inheritance Questionnaire, Privacy Questionnaire, Records Management Questionnaire, Privacy Impact Assessment (PIA), Privacy Act Statement (PAS), System Boundary, System User Groups, Digital Identity Risk Assessments (DIRA), Information System Contingency Plan (ISCP), System Security Plan (SSP), and Security Control Implementation Statements for required NIST SP 800-53 control families.
- Prepares and documents RMF Step 6, Continuous Monitoring activities. Activities include Annual Controls Assessments (ACAs), annual Contingency Plan Tests (CPTs), annual Findings and POA&Ms, annual AC-6 System Owner Attestations for Account Management, and quarterly FISMA Questionnaires, and Plan of Action and Milestones (POA&Ms).
- Develops and reviews Privacy Impact Assessments (PIAs) and Privacy Act Statements (PASs) prior to submission to Privacy Office.
- Familiarity with interpreting system boundary architecture diagrams.
- Perform analyses to validate established security requirements.
- Collects evidence to support compliance with the SSP.
Job Requirements :
- BA / BS or equivalent work experience
- 5+ years of experience
- Minimum of Secret security clearance
- Availability to obtain Top Secret security clearance
- Experiece GRC Tool
- Preferred Certification : Certified in Governance, Risk and Compliance (CGRC) OR must be obtained within 6 months)
- This position is a Hybrid position; both on-site and telework.
The likely salary range for this position is $110,500 - $149,500. This is not, however, a guarantee of compensation or salary.
Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.
Scheduled Weekly Hours :
Travel Required : Less than 10%
Less than 10%
T elecommuting Options :
Hybrid
Work Location : USA DC Washington
USA DC Washington