In support of our federal government customers, you will manage risk of operational information systems. You will monitor security posture using tools such as vulnerability, AV, and log management. You will participate in change management meetings to identify and assess impact of proposed changes, you will execute and update security-related processes such as account authorizations, POA&M updates.
You will also participate in implementation of a new cloud-based solution that will replace the current system. You will learn the new tools deployed for security management, developing new / revised processes for their use. You will then support the migration to the new system and decommission the old system. The new cloud system will be built on Microsoft Azure and include security tools for boundary protection, vulnerability management, intrusion detection, web application firewalls, and key management. Through your efforts, you will enable government agencies to adopt new technologies that streamline business processes or provide capabilities not presently available to them to better deliver on their mission.
The office location is in Washington DC where you are required to work at least 4 days per week with 1 day per week telework.
The responsibilities of this position include the following:
Leverage tools to automate processes, implement controls and perform monitoring wherever possible.
Constantly learn how to use new technologies and cloud services to reduce security risks, implement controls and automate control implementation.
Administer security tools, keep them updated, and learn how to get the most from the available tools to address security protection and detection needs as well as reporting of status
Attend regular change management meetings, identifying impacts to security, performing assessment and communicating impact to security posture with recommendations and ongoing security control assessments and updates to key documentation.
Perform vulnerability assessment and configuration audits of application using tools or services selected and implemented in the application design. Work with operations team to prioritize and track remediation.
Manage security situational awareness of system by monitoring account management, network and system logs, anti-virus and related security threat detection systems.
Monitor the system for information spills, executing incident response when necessary.
Schedule and conduct incident response and contingency plan tests.
Perform quarterly POA&M updates adding new weaknesses, updating existing weaknesses and reporting to System Owner and CISO.
Assist in development of System Security Plan, Incident Response Plan, IT Contingency Plan and associated procedures for the new cloud-based system.
Prepare for and assist in migration from current system to new cloud-based solution.
At least five (5) years of professional experience in information security / information assurance field
BS/BS in information technology or related field (or 5 additional years of experience)
Active DOD/DSS SECRET security clearance or higher
At least one of the following certifications: CISSP, CAP, CISA, or CCSK
Prior experience performing ISSO function in support of federal government agency
Strong analytical skills with solid verbal and written communication skills
Proficient with MS Office suite of tools
Experience with Microsoft Windows operating systems, Active Directory and networking
Experience with Tenable Nessus
Experience with Microsoft Azure