Senior Information Assurance Subject Matter Expert with Security
- Recruiter: Anonymous Employer
- Location: United States
- Salary: Competitive
- Posted: 05 Nov 2024
- Closes: 10 Nov 2024
- Job Type: Information Assurance
- Employer Sector: Technology, IT & Telecoms
- Contract Type: Permanent
- Hours: Full Time
Our DC Metro based client is looking for a Senior Information Assurance Subject Matter Expert. If you are interested in this position, please submit your application to

Work location: St. Elizabeths Campus, DC Metro

Job Responsibilities

Sr. Information Assurance Subject Matter Expert to join its dynamic St. Elizabeths Technology Insertion Program (TIP). The successful candidate will have the ability to adapt to the ever-changing threat landscape to continually assess and test the security posture of DHS information systems. This role will work in both individual and group environments at a fast-paced operational tempo and will need to be a highly motivated individual who is serious about working to strengthen national security against evolving threats. The desired candidate will have working knowledge of security engineering practices within DHS/DoD and use project management methodologies to successfully direct tasking, scheduling, and delivery activities.

Responsibilities:
• Work with other information and physical security system security personnel, IT Operations and Enterprise Management System engineering teams and others to implement, refine and maintain an appropriate vulnerability and patch management security program
• Manage the St. Elizabeths Vulnerability Management Team tasked with:
  • Defining/supporting DHS vulnerability management and security assessment standards and metrics
  • Conducting and maintaining vulnerability scanning on networks, systems and applications
  • Producing actionable, risk-based reports on security assessment results
  • Managing, training and mentoring more junior team members
  • Assisting with vulnerability remediation when necessary
  • Developing and maintaining security plans and security testing plans
• Deliver expected results based on appropriate FISMA score category targets across 7 of 11 security automation domains for Continuous Monitoring of system risk
• Report directly to IA SME Lead and assist other security life cycle activities as necessary
• Direct Recertification & Accreditation activities for 8 (eight) discrete IP-based networks and assist IA SME Lead with managing schedule to completion (ATO)
• Be responsible and accountable for all task and reporting deadlines
• Continuously improve risk models, metrics, reports, processes, and activities

Qualifications:
• 8–10 years of information security management experience, preferably in the DoD/DHS/DOE context
• Advanced knowledge of network security concepts, best practices and procedures including FISMA/NIST RMF and DITSCAP/DIACAP
• Experience managing vulnerability mitigation and information security processes in an enterprise environment
• Experience managing vulnerability assessment teams
• Proven ability to lead customer-facing reporting and negotiation activities
• Ability to produce and disseminate reports for vulnerability assessments and compliance reporting
• Strong knowledge of Windows client/server, NIX systems, VMWare, networking, VTC/VoIP, device firmware, web/application servers, databases, and network architectures (hands on preferred, manages highly technical team)
• Ability to manage vendor relationships and track externally dependent patching activities, driving the threat research life cycle
• Ability to learn complex computing environments quickly, memorization skills desired
• Broad understanding of all aspects of IT and enterprise systems interoperability (OSI Model, SDLC, ITIL, etc.)
• Coordinate with other teams (SOC, IR, RMD, Ops, Management, etc.) on activities as necessary
• Support threat intelligence activities when required

Education/Equivalent Training Required:
Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.

Experience (state type and preferred # of years):
8–10 years of related experience in data security administration, including supervisory experience

Required skills/experience:
• ISSO experience a must
• Current DHS HQ Entry on Duty (EOD) holders given preference
• Active DoD TOP SECRET or above required
• Strong communication skills and the ability to work with diverse teams
• CISSP certification or other DoDI 8570 IAM II required (will consider other management certs e.g., PMP)