DSA is hiring an Information Security Analyst - Subject Matter Expert. This is a full-time position supporting the Administrative Office of the US Courts and is contingent upon successful contract award. 

Location is Hybrid: On-site in Washington D.C with the option for telework as approved. 

Core work hours dedicated to DSA and our direct customer are 8 am Est to 5 pm Est. 

The Administrative Office of the US Courts includes the Chief Operating Officer (COO) Information Security & Validation Staff (ISVS) who are responsible for governing, overseeing, developing, strengthening, and maintaining the information security posture within COO Offices to meet and exceed enterprise security standards. Their mission is to proactively ensure the integrity, confidentiality, and availability of critical judiciary information assets through a comprehensive, rigorous security approach via our governance, risk management, and compliance (GRC) program.

The Information Security Analyst SME will be responsible for enhancing cybersecurity for its customers including cybersecurity systems support, cybersecurity compliance, and cybersecurity risk management for a comprehensive IT system portfolio.

Primary Responsibilities:

• Prepare Information Systems: Carry out activities at various levels to help manage security and privacy risks using the JISF and NIST RMF.
• Categorize Information Systems: Determine the adverse impact to Judiciary operations and assets, individuals, other organizations, and the Nation.
• Select Security Controls: Select, tailor, and document the controls necessary to protect the information system and organization.
• Implement Security Controls: Implement the government-approved security controls specified in the Security Plan.
• Assess Security Controls: Determine if the controls selected for implementation are operating as intended and producing the desired outcome.
• Authorize Information System: Provide accountability by requiring a government senior management official to determine if the security and privacy risk is acceptable.
• Monitor Security Controls: Maintain ongoing situational awareness about the security and privacy posture of the information system.
• Common Control Identification: Identify, document, and publish Judiciary-wide common controls available for inheritance by Judicial systems.
• Mission or Business Focus: Identify and document the missions, business functions, and mission/business processes that the system is intended to support.
• System Stakeholders: Identify stakeholders who have an interest in the design, development, implementation, assessment, operation, maintenance, or disposal of the system.
• Asset Identification: Identify assets that require protection.
• Authorization Boundary: Determine the authorization boundary of the system.
• Information Types: Identify the types of information to be processed, stored, and transmitted by the system.
• Information Life Cycle: Identify and understand all stages of the information life cycle for each information type processed, stored, or transmitted by the system.
• Risk Assessment—System: Conduct a system-level risk assessment and update the risk assessment results as needed.

Required Qualifications:

• Ability to obtain a Public Trust
• Bachelor's degree in information technology or related field required
• Excellent written and verbal communication skills.
• Seven (7) years of IT system security experience including five years of specialized InfoSec Governance, Risk and Compliance (GRC) experience of which two years were direct supervisory experience.
• Ability to obtain a Public Trust Suitability Determination: Medium Risk Level 2
• Excellent attention to detail.
• Ability to handle and prioritize multiple tasks and deadlines.

Desired Qualifications:

• Information security certifications (CISSP, etc.) 
• Master's in information security