Information Assurance Systems/Network Specialist
Job Description The Information Assurance Systems Specialist shall provide support to plan, coordinate, and implement the organization's information security.
Provides support for facilitating and helping agency identify their current security infrastructure and define future programs, design and implementation of security related to IT systems.
The Information Security Specialist also oversees the efforts of security staff to design, develop, engineer and implement solutions to security requirements.
They would be responsible for the implementation and development of the DHS IT systems security.
Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs.
Working knowledge of the following areas is required:
ArcSight o Responsible for reviewing, documenting and researching ArcSight alerts.
o Monitoring effectiveness of alerts and recommend rule modification when required.
o Performing Impact analysis, investigations and conducting weekly status meetings with the government and ArcSight SMEs to report related statistics as required to quickly identify potential cyber-attacks, material weaknesses and vulnerabilities.
Change Request (CR) Security Reviews o Assessing CRs from a technical security perspective in conjunction with review boards to ensure changes do not introduce new security concerns.
o Providing weekly/monthly updates to the tracking repository to maintain historical information, running totals and reporting results to the client.
Risk Management o Must demonstrate an understanding of business security practices and procedures and familiarity Identify and analyze potential threat activity o Harden the configuration of devices and networks utilizing DOD Best Practices o Identify and report unresolved security exposures with mainstream risks associated with commercial products and current Internet/EC technology.
Hardware/software security implementation, Different communication protocols, Encryption techniques/tools.
o Familiarity with commercial products, and current Internet/mobile technology.
Certification and Accreditation (C) o Ability to support C, continuous diagnostics and mitigation and related initiatives.
o Experience creating and resolving POA Documentation o Developing and maintaining documentation for security systems and procedures o Experience in developing System Security Plan, Contingency Plan, Incident Response Plan and Continuous Monitoring Plan Key Tasks and Responsibilities Complete assigned security tasks to successful completion.
Performs risk analyses which also includes risk assessment.
Directs and controls activities for clients, methods, and staffing to ensure that technical requirements are met.
Developing deliverables associated with FISMA security package including but not limited to:
System Security Plan, Contingency Plan, Incident Response Plan and Continuous Monitoring Plan Work to complete ATO packages complaint to NIST SP 800-37 guidelines Adhere to NIST Risk Management Framework to support analyzing development of supporting policies, procedure and plans Adhere to NIST Risk Management Framework for implementation of security controls and analyzing corrective action plans Work with the System Owners, ISSOs and other stakeholders to complete assessment report Track and update POA entries Analyze IT security events to distinguish events that qualify as security incidents as opposed to non-incidents Maintain working knowledge of network communications, routing protocols and common internet applications/standards Maintain information system inventories Perform SIEM monitoring and analysis Ability to serve as Information System Security Officer.
Job Requirements Required Education & Experience Bachelor's Degree or higher and/or 5
years of related experience The ideal candidate should be able to demonstrate working knowledge with several of the following concepts or technologies:
Security Information and Event Management tools (eg ArcSight, Splunk, etc.
) Firewall Devices/Platforms (.
e.
g Palo Alto, Cisco ASP) Firewall Rule Reviews and Rule Analysis Enterprise Risk Assessments, security strategy and cloud computing terminology (eg AWS) Xacta OpenShift Amazon Web Services (AWS) Certification Requirements Relevant commercial certifications desired (Security+, CISSP) Clearance Requirements Candidate must be a US Citizen, possess DHS Suitability background investigation or be eligible to qualify for DHS Entry of Duty background investigation followed by DHS Public Trust Clearance Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.
) None EOE AA M/F/Vet/Disability EEO is the Law:
www1.
eeoc.
gov/employers/upload/eeoc_self_print_poster.
pdf CWS employees working at a government customer location must comply with all COVID-19 customer requirements which may include:
mandatory vaccination, mandatory attestation of one's vaccination status, and mandatory weekly or bi-weekly testing.
.
Estimated Salary: $20 to $28 per hour based on qualifications.
Provides support for facilitating and helping agency identify their current security infrastructure and define future programs, design and implementation of security related to IT systems.
The Information Security Specialist also oversees the efforts of security staff to design, develop, engineer and implement solutions to security requirements.
They would be responsible for the implementation and development of the DHS IT systems security.
Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs.
Working knowledge of the following areas is required:
ArcSight o Responsible for reviewing, documenting and researching ArcSight alerts.
o Monitoring effectiveness of alerts and recommend rule modification when required.
o Performing Impact analysis, investigations and conducting weekly status meetings with the government and ArcSight SMEs to report related statistics as required to quickly identify potential cyber-attacks, material weaknesses and vulnerabilities.
Change Request (CR) Security Reviews o Assessing CRs from a technical security perspective in conjunction with review boards to ensure changes do not introduce new security concerns.
o Providing weekly/monthly updates to the tracking repository to maintain historical information, running totals and reporting results to the client.
Risk Management o Must demonstrate an understanding of business security practices and procedures and familiarity Identify and analyze potential threat activity o Harden the configuration of devices and networks utilizing DOD Best Practices o Identify and report unresolved security exposures with mainstream risks associated with commercial products and current Internet/EC technology.
Hardware/software security implementation, Different communication protocols, Encryption techniques/tools.
o Familiarity with commercial products, and current Internet/mobile technology.
Certification and Accreditation (C) o Ability to support C, continuous diagnostics and mitigation and related initiatives.
o Experience creating and resolving POA Documentation o Developing and maintaining documentation for security systems and procedures o Experience in developing System Security Plan, Contingency Plan, Incident Response Plan and Continuous Monitoring Plan Key Tasks and Responsibilities Complete assigned security tasks to successful completion.
Performs risk analyses which also includes risk assessment.
Directs and controls activities for clients, methods, and staffing to ensure that technical requirements are met.
Developing deliverables associated with FISMA security package including but not limited to:
System Security Plan, Contingency Plan, Incident Response Plan and Continuous Monitoring Plan Work to complete ATO packages complaint to NIST SP 800-37 guidelines Adhere to NIST Risk Management Framework to support analyzing development of supporting policies, procedure and plans Adhere to NIST Risk Management Framework for implementation of security controls and analyzing corrective action plans Work with the System Owners, ISSOs and other stakeholders to complete assessment report Track and update POA entries Analyze IT security events to distinguish events that qualify as security incidents as opposed to non-incidents Maintain working knowledge of network communications, routing protocols and common internet applications/standards Maintain information system inventories Perform SIEM monitoring and analysis Ability to serve as Information System Security Officer.
Job Requirements Required Education & Experience Bachelor's Degree or higher and/or 5
years of related experience The ideal candidate should be able to demonstrate working knowledge with several of the following concepts or technologies:
Security Information and Event Management tools (eg ArcSight, Splunk, etc.
) Firewall Devices/Platforms (.
e.
g Palo Alto, Cisco ASP) Firewall Rule Reviews and Rule Analysis Enterprise Risk Assessments, security strategy and cloud computing terminology (eg AWS) Xacta OpenShift Amazon Web Services (AWS) Certification Requirements Relevant commercial certifications desired (Security+, CISSP) Clearance Requirements Candidate must be a US Citizen, possess DHS Suitability background investigation or be eligible to qualify for DHS Entry of Duty background investigation followed by DHS Public Trust Clearance Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.
) None EOE AA M/F/Vet/Disability EEO is the Law:
www1.
eeoc.
gov/employers/upload/eeoc_self_print_poster.
pdf CWS employees working at a government customer location must comply with all COVID-19 customer requirements which may include:
mandatory vaccination, mandatory attestation of one's vaccination status, and mandatory weekly or bi-weekly testing.
.
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
