JOIN OUR EMPLOYEE OWNED TEAM
Are you looking for a place to invest in your future? Then consider a position with TechFlow where we have been providing opportunities for individuals to explore, learn and develop their careers for more than 20 years. Here at TechFlow, you will work with best-of-breed technologies and work in a challenging, dynamic environment where opportunities for training and advancement are provided. TechFlow promotes a work-life balance and we offer:
- Innovative compensation plans
- Flexible Spending Plans
- 401K (with employer matching)
- Employee Stock Ownership Plan
TechFlow is an employee owned technical services Government Contractor that provides quality IT services to the government in software development, business and process analysis, technology and scientific support services. TechFlow is committed to exceeding our client's expectations by creating an intimate partnership where we work cohesively to help our clients solve their business problems using the latest in web-based and integration technologies. TechFlow is headquartered in San Diego, CA and has offices in Albuquerque, NM, Arlington, VA and Idaho Falls, ID.
TechFlow’s Digital Services Development Department, responsible for designing, developing and deploying software for the U.S. Government, has an opening for an Application Security Lead.
Note: This position is contingent upon successful contract award of the APLES 2 program.
The Application Security Lead will provide technical, administrative and security management services for the area of A&A by conducting IT evaluations and assessments and performing documentation support services for solutions developed by the program. Additionally, the Application Security Lead will ensure full compliance with the client IT security program.
Duties and Responsibilities:
- The Application Lead will lead a team of experts in managing, evaluating and auditing all Contract required IT systems to ensure compliance with client IT Security standards as set forth in the client IT Security program.
- Perform A&A of all Contract, Contractor-Supplied Images, applications and stand-alone systems and general support systems used in support of the client support services contract.
- Depending on the classification of a system, the Application Security Lead shall use the client guidelines for conducting information system certifications. In addition, the Application Security Lead shall use current Guides to the Certification and Accreditation Process as guidance for the client certification methodology.
- Comply with the defined A&A process. The process consists of (i) generating an information system initial risk assessment report, (ii) developing the system security plan (SSP), and (iii) supporting the security testing and evaluation, independent verification and validation, and independent audits. The SSP is updated in each phase/step as the system development progresses and new information becomes available.
- Obtain, retrieve, compile, draft and prepare necessary documentation for inclusion in the SSP. The Contractor shall ensure that all drafts go through Quality Assurance Review prior to delivery.
- Verify the accuracy of the System Security Plan (SSP), system architectural diagrams and identity of the systems being accredited as SBU, Classified, or higher levels.
- Provide guidance to application development teams on techniques and methods for incorporating good security practices into the development lifecycle.
- Experience with transitioning DIACAP to RMF.
- Perform and conduct independent Test and Evaluation to ensure that the system’s confidentiality, integrity and availability are maintained at the standards that are in accordance with client and Contract standards including Federal Information Processing Standards (FIPS) 140 and 199.
- Perform System Architectural Analysis to include review of network connections and interfaces, review system application specification and requirements, specifically those relevant to system security and review other pertinent system development life cycle documentation.
- Assemble packages at the direction of the Government Client or Contract Management and provide copies of the package as needed.
- Prepare the package for delivery to management in order to obtain signature from the Certification Authority, who grants certification and the DAA or Authorizing Official, who grants the accreditation, which results in an approval to operate the system.
- Monitor dashboards to ensure and assist in validating that all security criteria and regulatory requirements are maintained and that changes that affect the A&A documentation are denoted.
- Use the government-appointed tool to input information or create an A&A package during the A&A process.
- Maintain compliance with both client IT Security policies and client’s continuous monitoring reporting requirements as required by the Federal Information Security Modernization Act (FISMA).
- Responsible for the development of IT security policies and maintaining an acceptable level of integrity in the use of IT on the contract. Responsible for developing IT security and protection training for all staff and specialized IT training for IT security staff.
- Responsible for reporting breaches or attempted breaches in IT security per the developed IT Security Plan.
- Responsible to develop the IT Security Plan.
- Report on program security status at monthly program reviews.
Required qualifications to be successful in this role:
- Due to the nature of the government contract requirements and/or clearance requirements, US citizenship is required.
- Must have a Master's degree in a related field.
- Must have an active CISSP.
- ISC2 would be a plus.
- Must have a minimum of 10 years’ experience of Information Systems Security in support of the DHS or the DoD.
- Must be able to pass a CGI background check to start and maintain employment.
- Due to the nature of this government contract, US Citizenship is required.
- ITIL certification preferred
• TechFlow is an equal opportunity employer.
• Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.
• U.S. Citizenship is required.
• Work location is in Kearneysville, WV