Security Specialist - Risk Management Framework

Minimum Clearance Required to Start:
Top Secret SCI
Job Description:

​Support Security and Installations Directorate (SI), Security and Installations Personnel Security Division (SISP). Risk Management Framework (RMF) support will be required for seven systems where SIS is the Information System Owner (ISO). The seven systems include Background Investigation Support Systems, Fingerprint System, Financial Disclosure System, Military Processing System, Process Robotics SPID System, and Polygraph Support System.
  • Prepare security documentation for seven systems to include test plan, security plans, hardware list, software list data flow diagrams, standard operating procedures, policies and network diagrams, topological drawings to illustrate the interconnection between the systems and or networks.
  • Ensure proper use of remote access connectivity from The Client to the Personnel Security and Background Investigation systems approved by The Client's CIO and Information Technology Services Directorate (CIO-T) office and maintained in accordance with NGA's policy and procedures.
  • Services offered ensure the File Transfer Protocol (FTP) connections from The Client to the Background Information system meets The Client's and National Institute of Standards and Technology (NIST) requirements.
  • Data sensitivity, coordinate use of multiple security countermeasure to protect the integrity of the information assets in the enterprise is overarching goal, in addition to protecting and ensuring data sensitivity is being enforced.
  • Ensure the user community of this network is in conformance with all computing standards of The Client.
  • Information exchange security ensure the site-to-site VPN tunnels are established based on the The Client and Department of Defense (DoD) requirement.
  • Rules of behavior the Personnel Security and Background Investigation systems, users are protecting the data in accordance with The Client and DoD policies, standards, regulations, and procedures for the specified systems.
  • Formal security policy and procedures ensure investigation operations will follow accreditation standards using Intelligence Community Directive (ICD) 503, RMF, categorizing methods of High Confidentiality, High Integrity, and Moderate Availability level. The contractor is expected to protect the Background Investigation systems through implementation of security controls that protect against malicious behavior to include intrusion, tampering and virus between the two systems.
  • Audit trail responsibility provide a means to detect, prevent, record in an audit trail and report to the Information System Security Officer (ISSO) any attempts by non-authorized users to access the system. Provide audit logs to The Client monthly.
  • Ensure security parameters controls that were identified by The Client be augmented by policies and procedures.
  • Ensure Security categorization of High Confidentiality, High Integrity and Moderate Availability based on the information types are followed.
  • Training and awareness of system, contractors are required to complete annual refresher IT Security Awareness training as well as additional security training based on their Security Specialist roles and responsibility.
  • Specific equipment restrictions, document all interconnections are required for all systems.
  • Ensure no personal computers or other agency computers will be used across the interconnection or on the The Client's Networks.
  • As part of the monthly report, conduct vulnerability scans bi-weekly and Security Technical Implementation Guide (STIG) System scans every three months and provide results of scans.
  • Excellent customer service skills and excellent interpersonal skills.
  • Proven communication skills - verbal, written and listening.
  • Excellent attention to detail skills.
  • Able to work effectively according to a schedule and with minimal direction.

Required Qualifications:
  • Active Top Secret SCI security clearance.
  • A minimum of 11 years relevant experience
  • Bachelor's degree or equivalent experience within related field.
Must be able to obtain, maintain and/or currently possess a security clearance.
The position requires a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief.