8200 Greensboro Dr. #404
Mclean, VA 22102

Tel. 703-829-9499


©2019 Pernix, LLC

Careers

Fast-Paced, Innovative and Fun.

We value an inclusive work environment, nurturing the careers of our employees and fostering a great work-life balance. Sounds awesome, right?

Careers@pernixllc.com


Alternate Information Systems Security Officer (A-ISSO)

20-1001

Job Location:                US-VA-Rosslyn

Category:                     Information Technology

Clearance Level:           Interim Secret required to start; may be required to obtain Top Secret (TS)

FTE with benefits

Overview

Pernix Consulting, LLC is seeking an A-ISSO to support our Federal government client. This is a unique and challenging opportunity in the Office of the Chief Technology Officer (CTO) in Diplomatic Security, US Department of State. CTO is the primary IT group within the Bureau of Diplomatic Security, providing many web applications and other services used by Federal and local law enforcement officers worldwide.

Responsibilities

  • Responsible for the initial Security Review and Analysis of New Systems and the CPIC process. 

  • Ensure the security posture of existing systems is maintained throughout their production life cycle

  • Responsible for conducting the necessary actions and documentation to retire a system

  • Possess an understanding of how to categorize a system based on NIST SP 800-60 Vol II and FIPS-199, working with System Owner Representatives, Sys Admins and Developers

  • Understand the Remote Authentication Compliance rules for systems

  • Capable of using IRM/IA tools to generate the appropriate System Security Controls based on the System Security Categorization process; document/implement the system security controls

  • Conduct interviews with SMEs, test the system for compliance with controls, and research best industry practices for software and applications being used by the system

  • Ensure implementation statements are written clearly and are easily understandable

  • Must be able to communicate clearly verbally and in writing

  • Collaborate with other sections in the organization to resolve security issues in a manner that does not impede the DS CTO mission if possible. 

  • Review vulnerability reports and make decisions regarding the security posture of systems

  • Capable of conducting Initial Risk Assessments for any actions that are outsourced to ensure the appropriate security requirements are included in the contracts

  • Understand and/or be capable of learning and understanding the FedRAMP and Cloud Service Provider requirements for systems

  • Capable of creating a System Security Plan (SSP) that contains all the necessary addendums and specific IRM/IA mandates and requirements

  • Capable of completing the required documentation for Privacy Impact Assessments (PIAs). 

  • Capable of creating Information System Security Plans and conducting tests to validate the viability of contingency plans.

  • Capable of reviewing assessment reports and using the IRM/IA algorithm to determine if a finding at the completion of an assessment is a High, Moderate, or Low finding that has the potential to become a POA&M (plan of action and milestones).

  • Collaborate with other sections to remediate POA&Ms and document these actions for submission to IRM/IA in a clearly written format, as artifacts that can be used to close POA&Ms. These artifacts must also withstand the scrutiny of official OIG review.

Qualifications

  • 2+ years of related experience

  • Detailed knowledge of the six steps of the RMF process

Desired Certifications

  • CISSP

  • CAP

Desired Education

  • BS and 4+ yrs related experience

      OR

  • MS and 2+ yrs related experience

Pernix Consulting, LLC is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

 

To be considered for this position send a resume and salary requirements to careers@pernixllc.com. Please put the position title in the subject line.

System Security Analyst

20-1002

Job Location:                US-VA-Rosslyn

Category:                     Information Technology

Clearance Level:           Secret/Interim Secret required to start

FTE with benefits

Overview

Pernix Consulting, LLC is seeking a System Security Analyst to support our Federal government client. This is a unique and challenging opportunity in the Office of the Chief Technology Officer (CTO) in Diplomatic Security, US Department of State. CTO is the primary IT group within the Bureau of Diplomatic Security, providing many web applications and other services used by Federal and local law enforcement officers worldwide.

Responsibilities

As a System Security Analyst, you will be responsible for conducting FISMA-driven security assessments on Federal systems. At a minimum, you must have a sound working knowledge of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4, and the Risk Management Framework (RMF) processes outlined in NIST SP 800-37, Revision 1. You will be responsible for all system security documentation, conducting self-assessments, and providing test results and reports. You should be able to convey findings to technical and non-technical audiences and analyze the results of vulnerability scans and/or penetration testing.

  • Perform security self-assessments and systems audits, as required

  • Assist in facilitating continuous monitoring

  • Review security controls in accordance with the NIST SP 800-53 controls and provide recommendations for implementation

  • Evaluate new IT systems involving software, hardware, configuration, and proposed changes to ensure IT security posture is in compliance with existing information security policies and regulations

  • Collect evidence to support implementation of system baseline security controls and perform analysis on evidence to ensure compliance with the systems security plan and risk management framework designs

  • Coordinate resolution of system deficiencies and POA&M findings with other Department offices, as required

  • Prepare plan of action and milestones (POA&M) reports to record system deficiencies and findings for all DS applications

  • Review and validate system configurations to ensure that the suite of security and compliance software, hardware and related toolsets is in accordance with the appropriate risk management framework design

  • Perform continuous monitoring activities on new and existing systems and networks

Qualifications

  • CompTIA Security+ certification

  • Minimum of 2 years of system security and/or FISMA compliance-based experience

  • Ability to interpret the results of vulnerability scans and penetration tests

  • Demonstrated ability to conduct a system security assessment with minimal guidance

  • Familiarity with A&A Package deliverables (SAP, SAR, SSP, SCF)

Desired Qualifications

  • ISC2 CAP certification

  • Familiarity with applying STIGs/hardening/best practice guides to information systems

  • Previous role as an SCA at a Federal agency

  • Familiarity with interpreting complex system/network architecture diagrams

  • 2+ years of related experience

  • Detailed knowledge of the six steps of the RMF process

Pernix Consulting, LLC is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.

 

To be considered for this position send a resume and salary requirements to careers@pernixllc.com. Please put the position title in the subject line.