Information Security Specialist

A Square Group
Frederick, MD
  • Expired: over a month ago. Applications are no longer accepted.
Job Description
Description:

Company Description:

ASG is a Minority Woman Owned, Physician Owned small business with over 10 years' experience in federal government contracting. ASG offers data collection, statistical analysis, health program evaluation, and technical and health program implementation support. ASG provides a broad range of healthcare technology related services such as software development and integration, mobile apps, AI/ML, Analytics, Data Science, Big Data, DevSecOps, Digital transformation, cloud, and cyber security. We are Commission on Accreditation of Rehabilitation Facilities (CARF) accredited and focused on positive patient outcomes. ASG is CMMI Level 3 certified for Development and Services, and holds ISO certifications 9001:2015, 20000-1:2011, and 27000:2015.


Job Description:

ASG has a challenging career opportunity for an Information Security Specialist to perform security oversight and management of the enterprise systems.


What You Will Do:

  • Ensure that workstations and servers adhere to security configurations and are tested and scanned for proper configuration prior to initial access.
  • Develop and maintain a professional working relationship between the Federal agency data center, system maintainers, Federal information system security officers, Cloud Service Providers (e.g. AWS, Azure etc.) and other support contractors (systems development or testing etc.).
  • Supports the detection of malicious activity, prevention of unauthorized access to systems, and recommends protections against known and evolving threats.
  • Perform system scanning that includes, but is not limited to, code scans, penetration tests, and database scans.
  • Provide a Vulnerability Result Report based on the scans with a recommendation and/or corrective plan of action.
  • Support Privacy Compliance throughout the target lifecycle process.
  • Collect information to identify, update and track security requirements continuously. Create and maintain a Security Risk Register and map to POAMs as required.
  • On-call staffing for response to alerts from the Virtual Data Center Network Operations Center (NOC) and/or Security Operations Center (SOC).
  • Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).
  • Perform complex risk analyses which also include risk assessment.
  • Provide Incident handling support, Security Audit Support, Security Risk Report, Security Documentation, and Security Impact Analysis.
  • Identify, analyze, and report events that occur within the external systems to protect information, information systems, and networks from threats.
  • Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
  • Assesses assigned system to determine system security status and ensures adherence to security policy, procedures, and standards. Designs and recommends security policies and procedures.
  • Knowledge of application infrastructure vulnerability assessments with penetration testing experience preferred (e.g., internal, external, wireless, physical, social, etc.).
  • Experience with vulnerability assessments (i.e., network vulnerability scanning) – technical security assessments (e.g., Windows, UNIX, Linux, SQL server, etc.) and performs vulnerability remediation for compliance.
  • Familiarization with web application security assessments (e.g., exploiting web app vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation, session hijacking, etc.) and performs Security Assessments and Authorizations for in-house and cloud solutions (AWS) – with understanding of FISMA, NIST, FedRAMP, and other federal security regulations.
  • Responds to queries and requests for computer security information and reports from both internal and external customers.
  • Provides technical consultation on tasks; provides leadership and work guidance to less experienced personnel.
  • Provides product recommendations for upgrades, patches, and other general security measures in order to better secure Federal systems.
  • Provide privacy and systems security compliance guidance to teams throughout the Agile systems development lifecycle.
  • Other duties as assigned by your manager.
Requirements:

What We Need:

  • A minimum of 4 years' experience in an Information Security Engineering role.
  • Experience planning, implementing, managing, monitoring, and supporting ISSOs for the protection of the organization's data, systems, and networks required.
  • Experienced in identifying, analyzing, and reporting events that occur within multi-tiered enterprise systems to protect information, information systems, and networks from threats required.
  • Experience working with federal regulations related to information security (FISMA, Computer Security Act, FedRAMP etc.) required.
  • Strong attention to detail with an analytical mind and outstanding problem-solving skills is required.
  • Ability to work autonomously on daily administrative tasks, reporting, and communication with the relevant third parties associated with the organization is required.

Even Better:

  • Bachelor's Degree in Computer Science, IT, Systems Engineering, Business, or a related field.
  • Experience working with NIST Special Publications and Certification, Accreditation and Security Assessments (S&A/C&A) process methodology, continuous review, and controls review highly desirable.
  • Working experience with preparing security plans and all security artifacts required for certification and accreditation – developing and maintaining documentation artifacts such as Systems Security Plans (SSPs), Security Controls Assessment (SCA), Information System (IS) Risk Assessment (RA), and Contingency Plans (CPs), Security Operations Monitoring and Management Standard Operating Procedures (SOPs) etc. highly desirable.
  • Federal Information Security Management Act (FISMA) Controls Tracking Systems/Repositories such as FACTS or CFACTS experience highly desirable.
  • Some Pen testing experience is highly desirable.
  • Related Security certifications (CISSP, CCNA, CISM, CEH etc.) desirable.
  • Experience working with cyber security architecture/frameworks and Cloud/AWS preferred.
  • Experience working with Content Delivery Network (CDN) solutions such as Akamai security management preferred.
  • Experience assisting the Federal Information Systems Security Officer (ISSO) in tracking and documenting user activity on a system and reporting any discrepancies or misuse of automated resources preferred.
  • Ability to work under pressure in a complex environment preferred.

Clearance Level: Active DoD Secret Clearance



Additional Information:

At ASG, we value diversity and always treat all employees and job applicants based on merit, qualifications, competence, and talent. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or status as a protected veteran.


Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to careers@a2-g.com. We will treat your request as confidentially as possible. In your email, please include your name and preferred method of contact, and we will respond as soon as possible.


Perks:

At ASG, we want you to be well and thrive. Our benefits package includes:

  • Healthcare Benefits
  • Paid Time Off
  • 401k Matching
  • Employee Referral Bonus
  • Education Assistance
  • Learning and Development resources

EOE, including Disability/Veterans

A Square Group

Address

7101 Guilford Dr

Frederick, MD
21704 USA

Industry

Technology