Innova Solutions USA - Santa Barbara, CA

posted 4 months ago

Full-time - Mid Level
Remote - Santa Barbara, CA
10,001+ employees
Professional, Scientific, and Technical Services

About the position

The Cybersecurity IT Consultant (NIST) position is a 6-month contract role focused on providing security software uploads, maintenance, and reporting. The assignment is set to begin at the end of August or September and can be performed fully remotely, although the candidate may need to travel to Maryland for training purposes. This training may also be conducted remotely. The contract is deadline-driven, requiring full-time hours (40 hours per week) during the upload phase, followed by a reduced schedule of 20 hours per week for maintenance tasks. The consultant will be responsible for ensuring the secure transfer of data for an Army installation over a five-month period, with no security clearance required. The consultant will conduct risk assessments, ensure compliance with federal regulations, and collaborate with various stakeholders to mitigate security risks while enhancing the overall cybersecurity posture. Responsibilities include performing Static Application Security Testing (SAST) on delivered software, generating reports, maintaining documentation, and creating procedures to support ongoing maintenance of key information systems. The role also involves capturing security controls during the requirements phase, compiling documentation of program development, performing secure programming, and translating security requirements into application design elements.

Responsibilities

  • Conduct risk assessments and ensure compliance with federal regulations.
  • Collaborate with stakeholders to mitigate security risks and enhance overall cybersecurity posture.
  • Perform Static Application Security Testing (SAST) on delivered software and generate Developer Workbook (DWB) and DISA STIG reports.
  • Produce Plan of Action and Milestone (POA&M) reports to manage progress of corrective efforts.
  • Maintain Ports, Protocols, and Services Management (PPSM) documentation IAW DoDI 8551.01.
  • Generate Vulnerability Management Plans (VMPs) for dissemination of vulnerability patches to operational systems.
  • Create Continuous Integration/Continuous Development (CICD) procedures for ongoing maintenance of key information systems.
  • Capture security controls used during the requirements phase to integrate security within the process.
  • Compile and write documentation of program development and revisions, including comments in coded instructions.
  • Perform secure programming and identify potential flaws in code to mitigate vulnerabilities.
  • Translate security requirements into application design elements, documenting software attack surfaces and conducting threat modeling.

Requirements

  • A bachelor's degree in computer science, information technology, cybersecurity, or a related field.
  • Experience with NIST 800-53 Risk Management Framework (RMF) and comparable security frameworks.
  • Knowledge of system and application security threats and vulnerabilities.
  • Knowledge of secure configuration management techniques, including Security Technical Implementation Guides (STIGs).
  • Knowledge of network security architecture concepts, including defense-in-depth principles.
  • Knowledge of IT risk management policies, requirements, and procedures (DoD and NIST).
  • Ability to develop secure software according to secure software deployment methodologies, tools, and practices.
  • Excellent written and verbal communication skills, and interpersonal skills.
  • Strong time management and organizational skills.
  • Comfortable working in a dynamic and fast-paced environment.

Nice-to-haves

  • Advanced degree in computer science, information technology, cybersecurity, or a related field.
  • Applicable certifications such as CEH, Security+, CGRCCAP, GSEC, CASP+, Cloud+, or PenTest+.
  • Experience processing Vita 49 datasets and Red Hat 9 Linux OS.
  • Working knowledge of DoD Container Hardening Guidance and DoDI 8500.01.
  • Experience with Fortify and Anchore vulnerability scanning tools.

Benefits

  • Medical & pharmacy coverage
  • Dental and vision insurance
  • 401(k)
  • Health savings account (HSA)
  • Flexible spending account (FSA)
  • Life Insurance
  • Pet Insurance
  • Short term and Long term Disability
  • Accident & Critical illness coverage
  • Pre-paid legal & ID theft protection
  • Sick time
  • Employee Assistance Program (EAP)
© 2024 Teal Labs, Inc