Great Principal Security Specialist opportunity. Must be a US citizen and able to obtain a DoD clearance.
We are currently looking for an experienced Principal Security Specialist to serve as an Information Assurance/IT Security Specialist II on one of our Department of Homeland Security contracts. This person will assist the ST&E Team to support the Office of Biometric Information Management (OBIM) Chief Information Security Officer (CISO) and appointed representatives with identifying accredited system security controls and boundaries, establishing procedures and resources for verifying their effectiveness, conducting security control assessments, developing security documentation (SSP, SAR, Risk Assessments, etc.) and scheduling the verification activities at OBIM. In the execution phase, responsibilities will include verifying that the system security controls are implemented correctly and are producing the desired outcome.
Duties include but are not limited to:
Perform Security Assessments and Technical Security Reviews (TSR) for classified and unclassified systems;
Ensure adherence to the DHS Systems Engineering Lifecycle (SELC) and Change Management (CM) principles;
Develop and update testing procedures, Rules of Engagement (RoE) and security assessment scripts;
Review output from existing vulnerability assessment tools (Nessus, AppDetective, etc.) to validate findings and identify false positives;
Identify security risks, threats and vulnerabilities;
Use NIST SP800-53 (Rev 3 and 4) and DHS 4300A/B controls for testing the security controls within the C&A phase;
Review security controls using manual processes and automated tools;
Create, review, and edit System Security Plans (SSP);
Perform Risk Analysis;
Work with ISSOs, developers, and System Owners on the assessment of systems under test;
Develop Security Assessment Reports (SAR).
Be able to obtain DHS Clearance
B.S. from an accredited institution in a Technical or Engineering related discipline. Relevant experience can be substituted in lieu of a degree.
Five (5) plus years of experience in IT Security with relevant security assessment planning and execution
In-depth knowledge of and experience in applying: OMB, DHS 4300A/B, FIPS, NIST SP-800 series standards; related Federal IT security mandates and best practices; and agency-specific policies and directives derived from them
Excellent written and verbal communication skills
Excellent interpersonal skills
Active Secret, Top Secret or DHS Clearance
DHS Agency or other Component experience
CISSP, CISA or GIAC Certification