Founded in 1995 at the start of the dot-com revolution, TechFlow helped large commercial clients such as Dreamworks, Toshiba, MGM, and others modernize their business systems. Today, with deep operational roots in the bi-coastal innovation hubs of California and Washington DC, TechFlow continues as a leader in applying innovative engineering, technology, integration solutions, and support services to the Federal Government’s most demanding mission and business challenges.
TechFlow, Inc. is hiring an IT Assessment and Authorization Specialist to provide technical services in areas of desktop hardware, voice, and audio/video set ups. The IT Assessment and Authorization Specialist concentrates on overall technical and operational effectiveness of capabilities in coordination with leadership. They will be responsible for assisting and maintaining a formal Information Security Program that includes recommendations on continuous improvement of the processes and architectures supporting the overall operational activities.
- Concentrate on overall technical and operational effectiveness of capabilities in coordination with the designated staff management.
- Maintain and make accessible documentation of all operational and business process activities in the form of Standard Operating Procedures (SOPs).
- Assist and maintain a formal Information Security Program with their stakeholders.
- Monitor and track projects in the A&A queue.
- Analyze SSPs to develop an understanding of the systems and applications.
- Coordinate A&A actions and system testing with appropriate security personnel.
- Develop risk assessment, recommend mitigating countermeasures, and write short, succinct risk assessment, and certification reports for submission to the Chief Information Officer (CIO).
- Act as an A&A project register.
- Manage the A&A registration process.
- Monitor and track projects in the A&A queue.
- Maintain a document repository where A&A project documentation is stored and recorded, and register actions concerning project approvals to operate in the A&A database.
- Assemble and submit A&A packages to the Principal Accreditation Authority or Designated Accreditation Authority.
- Support the product selection process, approving product changes and modifications.
- Review and approve product requests for procurements to ensure it meets security requirements.
- Engage in technical meetings during the project engineering process to provide security guidance in terms of policy and technical implementation of those policies.
- Produce and assist with production of technical artifacts required for A&A packages such as write documentation like System Security Plan, Audit Strategy, Configuration Management Plan, Security Controls Traceability Matrix, Project Plan of Action and Milestones.
- Monitor and address cyber risks such as malware, zero-day attacks, denial of service attacks, as well as associated mitigations regarding computer and network devices.
- Bachelor’s degree in management information systems, information assurance, computer engineering, or other closely related IT and cybersecurity discipline or equivalent work experience.
- Experience in the Risk Management Framework (RMF) methodology.
- Experience managing document repositories and databases.
- Experience in the use of process tracking and document control software.
- Experience with writing, communications, and briefing skills.
- Experience with technical guidance and oversight both to technical and non-technical, senior level personnel.
- Experience organizing, planning and prioritizing multiple tasks to complete work on schedule.
- Experience in INFOSEC policies, regulations, and guidance’s.
- Experience with cyber risks such as malware, zero-day attacks, denial of service attacks, as well as associated mitigations regarding computer and network devices.
- Pattern of excellent customer service skills and the ability to collaborate with clients at all levels.
- Active TS SCI security clearance with full scope polygraph
- Experience with the current A&A process.
- Certified Information Systems Security Professional (CISSP).
- Knowledge of the current standard project cycle.
- Experience with a diverse information technology infrastructure, including operating systems, major application systems, and network architecture.
TechFlow, Inc is 100% employee-owned. Come make a difference in a job that contributes to your future and helps us build an agile workplace!
- Employee stock ownership plan (ESOP) – Pride in being an employee-owner and annual employer contribution (per plan guidelines)
- 401k plan with Roth option.
- Eligibility for an employer match.
- Immediate vesting
- Paid time off
- Holidays – 10 paid holidays per year
- Comprehensive medical, dental, and vision plans
- Company-paid Life & AD&D insurance plan
- Employee Assistance Program
- Wellness Resources
- Company-paid training and development program
- Voluntary benefits include:
- Life & AD&D Insurance for employee, spouse, and children
- Short-term and long-term disability (per plan guidelines)
- Legal Shield and Identity Theft protection plans
- Pet Insurance