Information Assurance / Security Specialist (Level 3)

US-DC
ID: 2017-5672

Overview

ASRC Federal Vistronix is pursuing an opportunity identified as DHS Secure Enterprise Network Systems, Services, & Support (SENS3). The SENS3 program is planned to be a 6-year program and will directly support O&M, design, engineering, and Information System Security Services for the Department’s two secure networks. ASRC Federal Vistronix is committed to supporting DHS in accomplishing its objectives for SENS3. We are encouraging incumbents and all interested candidates to apply now for early consideration for this program as we build out our high-performance team.

 

 

 

Responsibilities

  • Maintain operational security posture for the DHS information systems.
  • Support security assessment and authorization (A&A) activities in compliance with the NIST Risk Management Framework (RMF), DHS 4300B&C, ICD 503 and DCID 6/3.
  • Perform vulnerability/risk assessment analysis to support A&A and Security Test and Evaluations (ST&E).
  • Prepare and review documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, Plan of Action and Milestones (POA&Ms), and System Requirements Traceability Matrices (SRTMs).
  • Accept and distribute Information Security Vulnerability Management (ISVM) alerts.
  • Perform Security Assessments, VM & Continuous Monitoring (CVE, CCE, CPE, HWAM, SWAM, CSM, VULN).
  • Participate as a contributing team member of the Patch and Vulnerability Management Group (PVG) and provide assistance to O&M and system administrators.
  • Create and manage POA&Ms.
  • Integrate the Leidos FAST Methodology for VM analysis, reporting and dashboarding.

Qualifications

  • BS degree in Computer Science, Information Security Management, or related field
  • 5-10 years’ experience dedicated to Information Assurance, Information Security, & C&A/A&A

 

Certifications:

  • Security+
  • CISSP
  • CISA
  • CEH

 

Required skills/experience:

 

  • Must have excellent oral and written communication skills.
  • Demonstrated experience with updating documents to reflect new security guidelines and impacts.
  • Demonstrated experience with reviewing architecture changes for security impacts and possible recertification.
  • Demonstrated experience with establishing standards for information systems procedures.
  • Utilization of automated scanning products such as BigFix, Nessus, Retina, Core Impact.
  • Knowledge of security best practices such as defense in depth, least privilege, need-to-know, separation of duties, access controls, encryption, etc.
  • Experience with FIPS 199/200 and Security Awareness Training (to include different possible social engineering attack techniques).
  • Experienced with FISMA A&A continuous monitoring.
  • Experienced with providing FISMA Vulnerability and Compliance Scanning.
  • Working knowledge of Splunk.
  • Experience with A&A Core Documentation development (i.e. SSP, BCP, DRP, ISCP, BIA, FIPS 199 & 200).
  • Experienced in assessing and maintaining a FIPS 199 High Category Federal system.
  • Experienced with Security Repository Tools such as Cyber Security Assessment and Management (CSAM) or Trusted Agent FISMA (TAF).
  • Experienced with POA&M Management.
  • Experienced with System and Network administration.
  • Sound knowledge of risk management and assessment (both qualitative and quantitative) using NIST SP 800-30 and 800-39.
  • Must have hands-on experience with and extensive knowledge of NIST 800 Special Publications standards and preparing documents such as: System Security Plans (SSPs), Contingency Plans (CPs), Risk Assessments Matrices (SRTMs), Business Continuity Plan (BCP), Business Impact Analysis (BIA), Security Impact Assessments (SIAs) for proposed System Configuration changes, as well as having a thorough understanding of NIST Special Publications 800-53, Rev3/4, 800-53A, and 800-37.

Desirable:

 

Knowledge and experience with at least three of the five following criteria:

  • Vulnerability scanning, auditing, assessment, and analysis
  • Operating system and network knowledge (i.e., Windows Server 2003/2008, Linux, Local Area Networks [LAN] and Wide Area Networks [WAN])
  • Information security and assurance principles and associated supporting technologies
  • Application security, database security, and network security
  • Networking / Firewall Access Control
  • Linux engineering or Admin Experience
  • Windows Engineering or Admin Experience
  • Knowledge of DHS Networks
  • Current DHS Entrance on Duty (EOD) within a headquarters component.

 

 

This position requires an active Security Clearance.

 

Candidates will be subject to a government background investigation and must meet eligibility criteria for access to classified information. U.S. Citizenship is required.

 

ASRC Federal and its Subsidiaries are Equal Opportunity / Affirmative Action employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.

 

 

Benefits

 

At ASRC Federal Vistronix, we know our staff members work hard to exceed customer expectations, and we work hard to exceed the expectations of our staff! We are proud to offer a robust employee benefits package.

 

Benefits include:

  • Medical, dental, prescription, and vision coverage
  • Health Advocate
  • Short-term and long-term disability, life & accidental death & dismemberment
  • Flexible Spending Accounts
  • 401(k) retirement plan with matching contributions
  • Tuition reimbursement
  • Employee Assistance Program
  • Paid time off and holidays

 

 

 

Advance your IT Career

Apply Now!

 
