TWINN is seeking a Cyber Security professional with experience in system engineering, application development and information security to include implementing the Risk Management Framework (RMF) and Assessment & Authorization (A&A) of IT systems.
The candidate will be directly involved in processing all customer efforts through the various facets of the RMF and the A&A process.
The candidate will conduct comprehensive cyber assessments of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system).
The candidate will also provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its operational environment and recommend corrective actions to address identified vulnerabilities.
***** All positions require an Active (TS/SCI) Clearance with a Polygraph to be considered *****
Demonstrated expertise in recommending best practices in security architecture, when required, that promotes cost-effective and efficient systems solutions consistent with program objectives and measures of performance.
Demonstrated proficiency in developing security assessment reports based on review of security plans and interviews with developer/customer, and in assessing systems against Information Assurance policies and regulations.
Demonstrated proficiency in testing security architectures of cloud-based systems and applications, identifying vulnerabilities and providing security remediation.
Demonstrated expertise in identifying and applying the appropriate level of recommended remediation to security anomalies or integrity loopholes such as system weakness or vulnerabilities.
Demonstrated experience and ability to download, install, run, and understand software, to include compliance-oriented software for system testing to include WebInspect, AppDetective, Red Seal, Splunk, and NESSUS.
Demonstrated experience developing and documenting security evaluation test plans and procedures.
Demonstrated experience working with the Sponsor's Risk Management Framework (RMF), Assessment & Authorization (A&A) process and information assurance policies.
Demonstrated experience participating in or leading technical exchange meetings and application review boards and documenting action items/results of these events.
Demonstrated experience providing threat analysis based on identified security vulnerabilities.
Demonstrated experience in penetration testing information systems, to include cloud-based systems and applications.
Bachelor's or Master's degree in a technical field and/or CISSP (or similar certification), CEH, CHFI certifications.