Information Assurance / Security Specialist (Level 3)

US-DC
ID
2017-5670

Overview

ASRC Federal Vistronix is pursuing an opportunity identified as DHS Secure Enterprise Network Systems, Services, & Support (SENS3). The SENS3 program is planned to be a 6-year program and will directly support O&M, design, engineering, and Information System Security Services for the Department’s two secure networks.  ASRC Federal is committed to supporting the security services requirements in accomplishing the DHS’s objectives for SENS3. We are encouraging incumbents and all interested candidates to apply now for early consideration for this program as we build out our high performance team. 

 

 

Responsibilities

  • Perform or review technical security assessments of computing environments to identify points of vulnerability or non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.
  • Validate and verify system security requirements definitions and analysis and establish system security designs.
  • Design, develop, implement, or integrate IA and security systems and system components, including those for networking, computing, and enclave environments, such as those with multiple enclaves and differing data protection or classification requirements.
  • Contribute to security planning, assessment, risk analysis, risk management, and awareness activities for system and networking operations.
  • Serve as a subject matter expert for the assessment, design, and implementation of a variety of enterprise security prevention, detection, and response capabilities.
  • Lead engagements that assess, recommend, enhance, implement, and monitor a variety of security tools spanning multiple capabilities, including intrusion detection and prevention and security analytics, perform retrospective anomaly and malware detection leveraging Client-facing tools, and design and implement capabilities to integrate multiple sources of threat intelligence into various security tools.
  • Work closely with DHS SOC and other incident response teams to develop, tune, automate, and enhance network and host-based security devices and support the incident response fly away team with managing the response to client Cyber intrusions, performing extensive network and host triage, maintaining strict chain-of-custody, developing documentation and reports, and performing remediation, as required.
  • Maintain responsibility for a hands-on leadership role, including mentoring, training, and retaining staff with a wide range of skill sets and backgrounds.
  • Apply system security engineering expertise in one or more of the following system security design process: the engineering life cycle, information domain, cross-domain solutions, commercial off-the-shelf and government off-the-shelf cryptography, identification, authentication, and authorization, system integration, risk management, intrusion detection, contingency planning, incident handling, configuration control, change management, auditing, the certification and accreditation process, principles of IA, such as confidentiality, integrity, non-repudiation, availability, and access control, and security testing.
  • Support security authorization activities in compliance with DHS 4300 B&C, CSS Information System Certification and Accreditation Process and DoD Information Assurance Risk Management Framework (DIARMF) process, the NIST Risk Management Framework (RMF) process, and prescribed CSS business processes for security engineering.
  • Integrate the Leidos FAST Methodology for VM Analysis, Reporting and Dash boarding.

 

 

Qualifications

 

 

  • BS degree in Computer Science, Information Security Management, or related field.
  • 10-15 year’s experience as an information systems security engineer (ISSE) in the fields of Disaster Recovery Testing and Incident Response.

Certifications: 

 

CISSP

CISA

Certified Business Continuity Professional (CBCP)

GIAC Certified Incident Handler (GCIH)

CERT-Certified Security Incident Handler (CSIH)

Certifies Ethical Hacking (CEH)

 

Required skills/experience:

 

  • Must have excellent oral and written communication skills.
  • Demonstrated experience with updating documents to reflect new security guidelines and impacts.
  • Experience with working as the primary security engineering representative on engineering teams for the design, development, implementation, evaluation, or integration of secure networking, computing, and enclave environments.
  • Experience with supporting the government in the enforcement of the design and implementation of trusted relationships among external systems and architectures.
  • Experience with supporting security planning, assessment, risk analysis, and risk management.
  • Experience with identifying overall security requirements for the proper handling of government data by interacting with the customer and other project team members.
  • Knowledge of how to use IA policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments.
  • Ability to serve as the primary security engineering representative on engineering teams for the design, development, implementation, evaluation, or integration of IA architectures, systems, or system components.
  • Experience and working knowledge of DHS Incident Response Procedures and NIST guidance.
  • Experience and working knowledge of DHS continuity of operations planning (coop), alerting, notification, and exercise testing procedures.
  • Experienced with Security Repository Tools such as Cyber Security Assessment and Management (CSAM) or Trusted Agent FISMA (TAF).
  • Experienced with POA&M Management.
  • Experienced with System and Network administration.
  • Sound knowledge of NIST SP 800-34 - Contingency Planning Guide for Federal Information Systems.
  • Sound knowledge of NIST SP 800-61 - Computer Security Incident Handling Guide.
  • Must have hands-on experience and extensive knowledge with NIST 800 Special publications standards and preparing documents such as: System Security Plans (SSPs), Contingency Plans (CPs), Risk Assessments Matrices (SRTMs), Business Continuity Plan (BCP), Business Impact Analysis (BIA), Security Impact Assessments (SIAs) for proposed System Configuration changes, as well as having a thorough understanding of NIST Special Publications 800-53, Rev3/4, 800-53A, and 800-37.

 

 

Desirable:

  •  Knowledge and experience with at least three of the five following criteria:
    1. Vulnerability scanning, auditing, assessment, and analysis
    2. Operating system and network knowledge (i.e., Windows Server 2003/2008, Linux, Local Area Networks [LAN] and Wide Area Networks [WAN])
    3. Information security and assurance principles associated with Disaster Recovery and Incident Response procedures
    4. Application security, database security, and network security recovery and reconstitution testing
    5. Participation in or acted as the lead on a Computer Security Incident Response Team (CIRT)
  • Linux engineering or Admin Experience.
  • Windows Engineering or Admin Experience.
  • Knowledge of DHS Networks.
  • Current DHS Entrance on Duty (EOD) within a headquarters component. 

  

This position requires an active Security Clearance.

 

Candidates will be subject to a government background investigation and must meet eligibility criteria for access to classified information. U.S. Citizenship is required.

 

ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.

 

Benefits

 

At ASRC Federal Vistronix, we know our staff members work hard to exceed customer expectations, and we work hard to exceed the expectations of our staff! We are proud to offer a robust employee benefits package

 

Benefits include:

  • Medical, dental, prescription, and vision coverage
  • Health Advocate
  • Short-term and long-term disability, life & accidental death & dismemberment
  • Flexible Spending Accounts
  • 401(k) retirement plan with matching contributions
  • Tuition reimbursement
  • Employee Assistance Program
  • Paid time off and holidays

 

 

 

Advance your IT Career

Apply Now!

 

~CB~

~CJ~

~M~

  

 

 

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed