About the Role
The Security Analyst/ISSO role is to work as an integral member of a team that supports security initiatives for the United States government.
Specific responsibilities of the role include, but are not limited to:
- Advise and assist with the security authorization process by developing a Systems Security Plan (SSP) and other artifacts
- Monitor and track security authorization activities through Authorization to Operate (ATO)
- Maintain documentation repositories (RMS and TAF) where security authorization documentation and artifacts are stored – Work closely with program office stakeholders to identify the appropriate certification/approval processes and authorities
- Record/register actions concerning ATOs
- Read and analyze SSPs and develop understanding of systems and applications into security test plans
- Support financial system audits
- Coordinate security authorization actions and system testing with appropriate security personnel
- Develop risk assessment reports Develop Plan of Action and Milestones (POA&Ms)
- Review audit logs for vulnerabilities
- Assemble and submit security authorization packages to Principal Accreditation Authority/Designated Accreditation Authority
- Review IA Compliance Validation Tests and Reports
- 1-3 years of experience in information security, with a concentration on security authorization as it applies to the US Government
- Knowledge of the federal security authorization (formerly known as Certification and Accreditation or C&A) process to include key activities and milestones required throughout each phase of the security authorization lifecycle
- Experience with the NIST/FISMA regulatory and compliance environment
- Highly-motivated, fast-learner who thrives in a fast paced environment
- Any security certification (e.g. CISSP, Security +, CAP, CISM, etc.)
- Be able to communicate effectively through written and verbal means to co-workers and senior leadership
- Be able to effectively manage multiple tasks simultaneously; coordinating and ensuring scheduled goals are met
- Be able to work well with collateral engineers, analysts and managers on related programs
- Active US Government security clearance (Minimum Secret level)
- Must be a US Citizen
- No relocation assistance. Candidates must be from the DC/MD/VA area.
- Possess a B.A. or B.S. degree in related field
- Ability to offer security-related guidance on business processes, emerging technology and acquisitions, and vulnerability assessment/mitigation approaches Experience with DHS or DoD requirements Documentation, presentation, and technical writing experience
Send resumes to email@example.com
Attackers used a vulnerability in Adobe’s ColdFusion app server to get access to PII such as full names, drivers’ licence numbers, and Social Security Numbers. Financial data was not included.
It is confirmed that 94 Social Security numbers were obtained by the hacker and those SSN owners are being notified by mail. 160,000 Social Security numbers and 1,000,000 driver’s license numbers may also have been accessed.
Officials are emphasizing to anyone booked into a city or county jail in Washington between September 2011 and December 2012 that they are at risk for having their social security number exposed by the breach.
With approximately 53 percent of the marketshare (according to comScore), the majority of smartphone owners have the Android platform on their device.
Unfortunately, Android's popularity also makes it the favorite target for mobile hackers.
Cameron Camp, Security Researcher with ESET, offers ten tips for securing your Android device. Click on the link for a slideshow.