ClearFocus Technologies, a HUBZone certified company, is located in Leesburg, VA. We specialize in cybersecurity and support multiple government and commercial clients for a variety of missions. We value our clients, integrity and employees and believe a single person can make a difference!
We are committed to attracting and retaining the best and brightest talent who desire to work with industry-leading technology to stay on top of their profession. We provide an excellent benefit package which includes medical, dental, vision, paid time off, 401(k), paid professional development reimbursement and more!
Responsible for supporting Information System Security Officers (ISSOs) with the following:
Developing and maintaining System Security Plans (SSP).
Implementing and managing NIST 800-53 Rev. 5 or later Security Controls.
Supporting the SA&A process.
Supporting Continuous Monitoring activities.
Managing POA&Ms and developing remediation strategies.
Aligning systems activities to the NIST Cyber Security Framework (CSF).
Supporting the incident response process.
Identifying and supporting system Interconnection Security requirements.
Supporting audit logging review and remediation activities.
Providing OMB FISMA data.
Developing and documenting incident reporting procedures for service desk, admins, and security staff.
The position must have a good understanding of SDLC and RMF Process including:
Experience advising government program managers on security testing methodologies and processes.
Experience performing system analysis, system audits, system monitoring, security control assessment/testing, risk management, incident response.
Experience evaluating certification documentation and providing written recommendations for accreditation to government PMs.
Experience reviewing system security to accommodate changes to policy or technology.
Evaluation of IT threats and vulnerabilities to determine whether additional safeguards are needed.
Experience advising the government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system.
Experience conducting certification tests that include verification that the features and assurances required for each protection level are in place.
Experience with conducting and coordinating IS security inspections, tests, and reviews.
Experience assessing changes in the system, its environment, and operational needs that could affect the accreditation.
Experience preparing the final SAR containing the results and findings from the assessment.
Experience with initiating a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR.
Experience performing risk assessments and making recommendations to customers.
Minimum Years of Experience: 7
Minimum Certification Requirements: At least one of the following computer security certifications: CISSP, CCSP, CISM, GSLC, CISA, CASP, or equivalent.
Preferred Education:
Bachelor of Science degree, preferably in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or equivalent experience.
COVID-19 Policy: In accordance with Executive Order 14042, all newly hired employees must be able to provide proof of vaccination prior to starting employment, or receive approval for a medical or religious exception.