Senior-Information-Systems-Security

Senior Information Systems Security Engineer (Risk Management)
VA/DC Area
Essential Functions and Job Responsibilities:
The senior information systems security (ISS) engineer provides operational risk management analysis
and support to DoD-managed systems across varying security classifications, architectures, mobile
devices, VPNs, and remote access architecture (SSL/TLS). The senior ISS engineer evaluates computer
systems and network security risks to determine methods to mitigate and eliminate threats,
vulnerabilities, and attacks, and provides support to DoD customers, to include the following:
• Providing Tier 3 computer network defense and oversight of DoD-managed systems for security controls and security guidelines.
• Providing integrated support to DoD stakeholders on managed networks by performing systems security audits on a regular and scheduled basis.
• Documenting all security infractions/instances and analyzing trends for government reporting.
• Reporting any anomalies, unapproved system configurations, incidents, and undesired activity to the appropriate DoD management and support staff for resolution.
• Acting as a liaison for independent audits by external agencies and acting as a central POC for remediation efforts requested by auditors.
• Partnering with internal stakeholders to resolve any audit findings and providing briefings to senior management while tracking POAMs and verifying that findings are corrected.
• Performing vulnerability management and oversight activities for all systems in the Test and Production environments.
• Identifying the findings that require a Plan of Action and Milestones (POAM) for remediation.
• Tracking and monitoring VMS integrity verification and POAMs; escalating to DoD management as necessary for incomplete service requests.
• Monitoring the evolving DoD Risk Management Framework (RMF) guidance and adapting vulnerability management processes and procedures in order to maintain compliance.
• Evaluating proposed changes for security risks for customers' IT environments and participating in the Enterprise Change Control Board, reviewing Requests for Change (RFC), and performing risk assessments on IT systems, hardware, and software.
• Supporting and overseeing the server Validation and Verification (V&V) activities for all new and modified applications in support of Certification and Accreditation efforts.
• Identifying and evaluating residual risks stemming from the implementation of new systems or changes to existing systems.
• Identifying risk mitigation requirements based on Security Technical Implementation Guides (STIGs).
• Reporting any unapproved configuration changes that increase risk to DoD-managed systems to key stakeholders within one business day of incident.
Minimum Requirements:
• Seven or more years of experience with Information Assurance.
• Four or more years of experience focused on designing, installing, and configuring IT systems and networks in accordance with DoD IA policy (e.g., DoDI 8500.2, CJCSI 6510.01) and STIGs, to include the configuration and use of security products.
• Must hold one of the following certifications: CISA, GCIH, GCED, CISSP, or CASP.
• Must hold one of the following certifications: MCITP, MCSE, MCSA, or GCWN.
• Knowledgeable of DoD security policies, directives, and guidelines (e.g., DoDI 8500.2, CJCSI 6510.01, DISA STIGs).
• Experienced working with the security configurations of network/system architecture design & implementation related to Microsoft Server and Operating Systems, Red Hat Linux Enterprise OS, Unix OS, VMware, Oracle Databases, and border devices (i.e. firewall, VLANs).
• Knowledge of encryption standards, vulnerability scanning, and application code scanning as well as HBSS monitoring.
• Experienced with managing IT security audits, Metrics, and Technical Writing.
• Must hold an in-scope DoD Security clearance at the TS/SCI level.
Additionally Desired Qualifications:
• Master's degree in information systems, cyber security, or project management.
• Experience supervising and leading others within one's own profession.
Please send resume to lucy@military-civilian.com with job title and location in the subject line.