SAIC is seeking an IT Security Documentation Analyst to serve on a team of Security Analysts and Engineers to ensure that systems are architected and executed in accordance with FAA security policies and National Institute of Standards and Technology (NIST) guidance and recommendations.
Develop and maintain system security documentation throughout all phases of FAA (Federal Aviation Administration) ATO (Air Traffic Organization) Information System Security Documentation lifecycle. This includes security categorizations, system security plans, system policy and procedures, privacy threshold assessments, contingency plans, and any other documents necessary to support systems' authorization and continuous monitoring.
Create, track, and manage system Plans of Action and Milestones (POA&Ms).
Participate in vulnerability, risk and threat assessments, and other activities for analyzing the risk for information systems.
Work with Systems to answer Data Calls regarding various Security Metrics (Inventory, Contingency Plans, OS Types, Baseline benchmarks, etc.)
Assist in preparation of presentations and supporting materials to facilitate system security authorization and compliance meetings.
Review, report and update POA&M status in FAA tracking tool (SMART).
Ability to work in a team environment as well as independently, demonstrate excellent problem-solving abilities, be well organized, flexible, and self-motivated.
Ensure system security measures comply with applicable government policies and meet FAA security orders.
Attend System project meetings and collaborate with stakeholders (FAA System Managers, ISSOs, etc.) to ensure security is addressed throughout the entire system lifecycle.
Contribute to weekly, monthly, and ad-hoc progress reports.
Bachelor's degree in Computer Science/Computer Engineering/Information Science and at least 5 years of relevant experience in cybersecurity, systems security, security authorization, system security architecture management, or related field.
A strong understanding of FISMA and NIST Special Publications, especially NIST SP 800-37 and NIST SP 800-53.
Excellent written and oral communication skills; attention to detail is essential.
Proficiency with Microsoft Office applications.
Knowledge of system and application security threats and vulnerabilities.
Experience performing security control assessments against all NIST SP 800-53 controls / families.
Understanding of various configuration standards such as DISA STIGs and CIS Benchmarks.
Proper understanding of FIPS 199 security categorization.
On occasion, work extended hours (other than normal business hours) to support contractual requirements to meet customer needs.
US Citizen with the ability to obtain and maintain a Public Trust clearance.