Cyber Security Specialist
Our growing company is looking for a CSS that will be responsible for Information Assurance security oversight and administration of systems and networks supporting trusted operating systems and multilevel security network hardware involving various platforms. Will provide security support for system and network solutions leading to the development of proof of concept and/or system C&A. This person will also participate in technical exchanges, in-progress reviews and related engineering and acquisition meetings and forums, and generate plans and procedures relating to systems security activities.
-5+ years of experience with varied information security disciplines, including risk management, assessment and authorization, and security testing
-3+ years of experience with performing security assessments for information systems, developing deficiency findings, and writing system security plans
-Experience with implementing ISO27000 or NIST IT security publications and guidelines, including SP 800-series, FIPS 199, and OMB regulations and FISMA
-Experience with determining systems, network, or infrastructure security requirements and controls against various industry guidance and best practices
-Experience with security control implementation using tools for security control assessments, vulnerability assessment scans, and federal security standards, including FISMA, NIST, DHS, and DIACAP assessment and implementation
-Ability to obtain a security clearance
-Experience with performing risk assessments
-BA or BS degree
-ISO 27001 Lead Auditor or Implementer Certification
Performs control and vulnerability assessments to identify weaknesses and assess the effectiveness of existing controls, and recommends remedial action.
Reports to information security management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.
Participate in project reviews, incident debriefs and evaluation (such as audit) reviews to understand the issues and gaps, factor into continuous improvement and alter/enhance the education and communication plans.
Engage critical initiatives for security governance and oversight and establish operational security risk assessment program with measures and continuous improvement plans
Plays an advisory role in application development or acquisition projects, to assess security requirements and controls and ensure that security controls are implemented as planned
Contributes to the development of security architecture and security policies, principles and standards
Develops security processes, procedures, and supporting service-level agreements (SLAs) to ensure that security controls are managed and maintained
Defines security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems.
Develops and validates baseline security configurations for operating systems, applications, networking and telecommunications equipment
Leads and trains team members in the use of security tools, the preparation of security reports and the resolution of security issues
Performs real-time monitoring, intelligence, and incident management activities to ensure is protected at all times.
Evaluate, design, implement and maintain an overall cybersecurity monitoring and incident response capability across the enterprise that provides consistent security monitoring, incident response and follow up investigation and determination of root cause.