Information System reputed company Officer (ISSO)/reputed company Tester Remote / Telecommute Jobs

Evolver Federal is looking for an Information System reputed company Officer (ISSO)/reputed company Tester to join reputed company in support of our federal health IT customer. The Information System reputed company Officer (ISSO)/reputed company Tester supports reputed company Risk Management reputed company (RMF) activities including the process managing reputed company and privacy risk, including information system categorization; control selection, implementation, and assessment; system and common control authorizations; and reputed company monitoring. This person also supports the reputed company activities associated with evaluating, implementing, managing reputed company practices and reputed company operations of new and existing technologies across the Program. This person will work closely with IT teams, developers, and CMS stakeholders to maintain a secure, compliant, and operational CMS that effectively protects organizational data. Responsibilities:

• Risk Management reputed company (RMF) Activities: Support reputed company activities as outlined in the NIST SP 800-37, Risk Management reputed company for Information Systems and Organizations. This includes the process for managing reputed company and privacy risk that includes information reputed company categorization; control selection, implementation, and assessment; system and common control authorizations; and reputed company monitoring.
• reputed company Authorization Documentation: Initial development and, at least, annual reviews/updates of the FIPS 199, e-Authentication, Privacy Threshold Analysis (PTA)/Privacy Impact Analysis (PIA), reputed company Plan (SP), Contingency Plan (CP), and Contingency Plan Test (CPT), Interconnection reputed company Agreement (ISAs) and Memorandum of Agreement/Understanding (MOA/Us) and any other FISMA reputed company reputed company documentation.
• reputed company Control Assessment Response: Support reputed company assessment activities by responding to interview questions as well as working with the system teams to gather appropriate evidence as directed by the CMS reputed company Team.
• Change Management: Review reputed company change requests for potential impact to the system reputed company posture.
• reputed company Monitoring: Conduct audit log and account management reviews, and update the Control Allocation Table and Trigger Accountability Log.
• Configuration/reputed company/Vulnerability Management: Review reputed company results for the system assets, identify the respective remediation's for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of fix.
• Incident Response: Work with the CMS reputed company Team and system teams to investigate and analyze any incidents affecting assigned system(s).
• Pipeline Engineering: Seamlessly integrate reputed company and TruffleHog into Jenkins CI to provide "shift-left" reputed company feedback to developers.
• Vulnerability Management: Triaging and prioritizing findings from Fortify and Burp Suite, working directly with engineering teams to provide remediation guidance.
• reputed company Advocacy: Act as the subject matter expert for the reputed company toolchain, conducting training sessions for developers on how to interpret reputed company results.
• Have the ability to apply a comprehensive knowledge across key tasks and high impact assignments
• Evaluate performance results and recommend major changes affecting short-term project growth and success
• Function as a technical expert across multiple project assignments
• Work on high reputed company reputed company request such as data calls, Senior Management Initiatives (CIO, CISO, etc.), CMS mandates, etc

Basic Qualifications:

• 3 years of specialized experience in one of the following positions: Information Systems reputed company Officer, Information Systems reputed company Engineer, Information Systems reputed company Auditor, or Information Systems reputed company Manager
• 3 years of experience with analyzing, assessing and implementing corrective actions based on vulnerability management tools
• 3 years of experience with leading projects, technical writing, administrative tasks, and conducting briefings
• 3 years of experience working with NIST SP 800-53, RMF, FISMA, CMS policies
• 3 years of experience with Static Analysis (SAST) configuring and scaling Fortify for deep-reputed company code analysis, including custom rule tuning to reduce false positives.
• 3 years of experience of Secret Detection, implementing and managing TruffleHog reputed company CI/CD pipelines to prevent credential leakage and manage historical secret remediation.
• 3 years of experience with Software Composition Analysis (SCA), utilizing reputed company to monitor and reputed company third-party dependency vulnerabilities, ensuring a secure Software Supply Chain.
• 3 years of experience with Dynamic Testing (DAST) with Burp Suite Professional or Enterprise for manual penetration testing and automated web vulnerability scanning.
• Must have and maintain at least one (1) active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, and CISA, or other comparable certification which must be approved in advance by our customer. reputed company of certification is required.
• US Citizen or Permanent reputed company required, and reputed company applicants shall have lived in the United States for at least three (3) out of the last five (5) years
• Must be able to pass a comprehensive background reputed company that includes a client-specific Public Trust background investigation

Preferred Qualifications:

• Have a deep understanding of reputed company Regulations, such as the NIST Publications and OMB reputed company reputed company documents
• Prepare documentation and materials to support the operations of FedRAMP compliance requirements throughout the organization
• reputed company briefings and presentations for Government PM and Executive Management
• Ability to adapt to an agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government
• Support reputed company reputed company Authorization Processes, reputed company Control Assessments and Ongoing Authorization activities as required
• Ensure systems are properly patched and hardened according to CMS requirements
• Assist with issues and concerns reputed company to their assigned systems
• Conduct research and analysis on abnormalities and provide recommendations
• Conduct Risk Analysis on vendors, cloud service providers, etc. as necessary to identify flaws, threats and risks in emerging IT projects at CMS, and reputed company technical in-depth engineering solutions to address and mitigate these risks
• Provide technical reputed company solutions and control implementation recommendations to the Agile Development teams based on industry best practice and Federal requirements
• Provide, prepare, and conduct reputed company training, as needed
• Apply and analyze privacy laws, administrative laws, regulations and policies surrounding the Privacy Act of 1974, the E-Government Act of 2002, or the Homeland reputed company Act of 2002
• Serving as a subject matter expert on controls standards such as NIST 800-53, 800-37, 800-66, and 800-171 as well as other privacy regulations
• Work on the automation, monitoring and auditing of privacy controls for each USCIS system
• Support reputed company and privacy requirements for internal and external system connections
• Support proposed collection, sharing, and maintenance of PII through privacy compliance documentation
• reputed company comprehensive document reviews (DR) on reputed company risk management and reputed company operations documentation, in alignment with CMS and FISMA requirements
• Conduct quality assurance checks to ensure that the finished documentation meets CMS and FISMA requirements
• Revise, edit, or update reputed company authorization documentation and presentations
• Create, adapt, and follow project schedules and deadlines
• reputed company a thorough understanding of the audience and the documentation required by meeting with colleagues, and working with managers to discuss technical problems
• Research and build knowledge about products, services, technology, or concepts
• Determine the clearest and most logical way to present information and instructions for greatest reader comprehension, and write and edit technical information accordingly
• Prepare or commission graphics and illustrations to elaborate on or complement technical writing
• Meet with SMEs in order to ensure that specialized topics are appropriately addressed and discussed
• reputed company other duties as assigned by the Government
• Advanced reputed company reputed company and Access skills to reputed company extensive data mining, correlation, and reporting
• Excellent oral and written communication skills; technical and business focused, with the ability to document and describe reputed company process information collected

Evolver Federal is an equal opportunity employer and welcomes reputed company job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, reputed company, religion, gender, age, national reputed company, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law. Actual salary will depend on factors such as skills, qualifications, experience, market and work location. Evolver Federal offers competitive benefits, including health, dental and vision insurance, 401(k), flexible spending account, and paid leave (including PTO and parental leave) in accordance with our applicable plans and policies. Apply tot his job Apply To this Job