Security Compliance Specialist
As a Security Engineer, you will assist with activities related to designing, selecting, implementing, and maintaining security controls for major information systems supporting federal government contracts, including achieving and sustaining authorization to operate (ATO) following NIST Risk Management Framework procedures and guidance mandated under FISMA. Key job duties including specifying and documenting security control requirements, supporting security control assessments, and working with development and implementation team members to ensure that all security requirements are adequately addressed. The Security Engineer also helps identify relevant security and privacy standards and regulations applicable to systems under development or in operation and helps ensure compliance with those standards and regulations. You will be part of a team dedicated to changing Healthcare IT. Superior communication and collaboration skills are essential to this role. The position is fast paced on a complex, high priority project, requiring both hard and soft skills, and focused dedication. The candidate must be an effective communicator and collaborator, and a mature and empathetic team member.
Key Responsibilities:
- Assist with identifying and supporting what changes or processes will satisfy the organization’s security requirements
- Work closely with the Project Manager to ensure dates, risks, project plans, and security controls for various applications are documented, communicated, and understood
- Support technical solutions that address vulnerability findings and security gaps
- Analyze current system designs and requirements to ensure all current systems and system updates meet goals and expectations
- Evaluate information security technologies and create recommendations and plans for implementation
- Support the Sr. Systems Security Engineer in the review of technical, management, and operational Security Controls in accordance with the NIST and FedRAMP approved cloud and on-premises system environments to ensure the completeness and effectiveness of the IT system’s information technology and security solutions
- Apply experience and knowledge of NIST Risk Management Framework (RMF) and how federal agencies apply this to secure their information systems
- Apply experience and knowledge with Assessment and Authorization (A&A) including Authority to Operate (ATO) packages and its alignment with RMF processes
- Conduct compliance reviews to ensure all products developed are in accordance with VA security standards. Perform qualitative assessment of current Cloud Computing Frameworks particularly as it relates to security in cloud environments
- Summarize and document all security-related activities, with emphasis on high-risk activities and potential/actual security breaches and violations
- Identify process improvement opportunities
- Collaborate with program management, agency stakeholders, the program team, and management to ensure a high level of quality across the project to ensure its success
- Anticipate project challenges and risk scenarios and prepare, lead, and execute proactive mitigation strategies to ensure optimal results
- Escalate key issues and recommended solutions to project and client leadership
- Interact effectively and professionally with clients, stakeholders, partners, sub-contractors, and vendors
- Maintain knowledge of agency rules and regulations
- Plan, monitor, and control relevant tasks outlined in the contract and statement of work
- Escalate key issues and recommended solutions to project and client leadership
- Other duties as assigned by program leadership
Required Qualifications:
- 5 years of relevant experience
- Bachelor's Degree (Computer science, electronics engineering or other engineering or technical discipline OR 8 years of additional relevant experience may be substituted for education
- Experience in coordinating with organizational security teams to ensure program consistency and compliance with all security requirements
- Experience with RMF, NIST 800-53, and ATO process
- Ability to read technical documentation and identify alignment and/or conflict with process requirements and policies
- Working knowledge of the software development life cycle (SDLC) for SaaS applications
- US Citizenship required
- Must be able to obtain Public Trust
Preferred Qualifications:
- Experience with Agile methodology and Scrum approach
- Jira experience highly preferred
- Experience with eMASS
- 5+ years of related cyber or information security experience required, preferably in a government or federal setting
- Prefer industry-recognized certifications such as Certified Information Systems Security Professional (CISSP) or Certified Authorization Professional (CAP) or Certified Ethical Hacker (CEH
As required by local law, Accenture Federal Services provides reasonable ranges of compensation for hired roles based on labor costs in the states of California, Colorado, Hawaii, Illinois, Maryland, Minnesota, New York, Washington, and the District of Columbia. The base pay range for this position in these locations is shown below. Compensation for roles at Accenture Federal Services varies depending on a wide array of factors, including but not limited to office location, role, skill set and level of experience. Accenture Federal Services offers a wide variety of benefits. You can find more information on benefits here. We accept applications on an on-going basis and there is no fixed deadline to apply.
The pay range for the states of California, Colorado, Hawaii, Illinois, Maryland, Minnesota, New York, Washington, and the District of Columbia is:
$84,900 - $160,200 USD
Apply for this job
*
indicates a required field