POSITION/TITLE: Sr. Security Specialist
EMPLOYMENT STATUS: Regular/Full Time
REPORTS TO: Project Manager
POSITION SUMMARY: To provide assistance to the client in support of security authorization activities and of the operational and management security controls on various systems, applications, network devices, and security architectures, based on the Risk Management Framework within DOC’s IT Security Program Policy, the Federal Information Security Management Act (FISMA), and NIST guidance.
ESSENTIAL DUTIES & RESPONSIBILITIES:
Evaluate and apply the technical, operational, and management security controls on various systems, applications, network devices, and security architectures.
Provide system security officer support and perform security assessment activities as required by FISMA and Special Publication (SP) 800-37. Review system boundaries; complete and/or update system security plans, network diagrams, hardware asset and software inventories, and contingency plans.
Perform security assessments to include vulnerability scanning and secure configuration testing.
Assess information security risks, threats, vulnerabilities and evaluate and assess compliance with established IT policies and regulations.
Perform onsite evaluations of IT configurations and document assessment steps, results, and risk.
Document findings and summarize recommendations in written and oral form for the customer. This required security documentation shall include all or a portion of the following:
o Security Assessment Report – Executive summary of security testing activities, description of identified risks, and plans of actions and milestones
o System Security Plan – Description of system and applicable security controls
o System Diagram – Network diagram depicting physical architecture of the system
o Software Inventory – List of major software included within the system
o Asset Inventory – List of hardware and operating systems included within the system
o Contingency Plan – List of components of the system that are backed up for recovery purposes, and a description of how they are backed up and tested
o Privacy Threshold Analysis – Determines if Personally Identifiable Information (PII) or Business Identifiable Information (BII) is processed or stored within the system
o Privacy Impact Analysis – Questionnaire concerning the nature and protection of PII/BII if it is processed or stored within the system
o Security Assessment Plan – Test plan and results for applicable security controls
o Vulnerability Scan Analysis – Description and risk levels of identified vulnerabilities
Develop, update, and maintain appropriate Certification & Accreditation packages.
ADDITIONAL DUTIES & RESPONSIBILITIES:
Work independently with senior security staff and SSOs to complete full security Assessment and Authorization (A&A) packages with minimal supervision. Must be able to handle both the documentation and technical requirements.
Work deliverables must meet Government objectives and quality control expectations.
Analyze client requests and work in close cooperation with the client to resolve all request-related issues.
Participate in Technical Exchange Meetings as requested.
EXPERIENCE & COMPETENCIES:
Experience with technical vulnerability scanning and secure configuration assessments, and with documenting analysis of results.
10+ years of related IA experience.
Experience with the identification, documentation, and testing of security controls for information technology systems in accordance with the above NIST guidance.
Experience with identification of security risks (threats/likelihood/impact) to the system, networks, and organization and documenting risks for management review.
Experience with analyzing vulnerabilities and providing guidance on secure IT implementation of various operating systems (e.g. Windows, UNIX, Linux, and Macintosh). Knowledge of computer hardware and operating systems (Windows, UNIX, and Mac).
Experience with analyzing vulnerabilities and providing guidance on secure IT implementation of various applications (e.g. Oracle, SQL Server, Apache, and IIS), and strong assessment skills.
Ability to evaluate and apply technical, operational, and physical information security to various systems, applications, network devices, and security architectures.
Thorough knowledge of FISMA guidelines and the latest versions of NIST special publications (SP) 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, 800-60.
Good written and oral communication skills.
Expert proficiency in Windows, Macintosh, and Unix operating systems; Microsoft Office, including SharePoint and Access; management software such as Active Directory, Altiris, ePO, Mac OS X Server, and Centrify; encryption software such as BitLocker, FileVault, and PGP; security tools including Symantec Endpoint Protection, McAfee Security, and the Nessus and SARA security scanners; and Websense content management.
MS/MA in Computer Science, Information Systems Engineering, or another related scientific or technical discipline.
CERTIFICATES & LICENSES REQUIRED:
At least one of the following: CISSP, CAP, or SANS GIAC
Please fill out the online application below, save it to your computer, and send it along with your resume as an attachment to the CIPS Human Resources E-Mail address: firstname.lastname@example.org