Tuesday, September 15, 2009

C & A Analyst - Washington DC

Principal Duties and Responsibilities:

 

  • Develop, update, and maintain appropriate Certification & Accreditation packages based on NIST standards for general support systems and major applications
  • Recommend appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major application
  • Develop and maintain POA&M for all accepted risks upon completion of system C&A.
  • Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the system certification guidelines and procedures 
  • Provide support and guidance through the POA&M remediation process and C&A progress, including compliance monitoring of C&A artifacts, annual self-assessments (NIST 800-53), and vulnerability scans.
  • Awareness of current information security issues and the ability to interpret the requirements of relevant policies and standards set forth in NIST documentation, specifically, 800-37, 800-53, FIPS-199/200, and 800-30.
  • Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with information technology security.
  • Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develops, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.

General Skills:

  • Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network, or other events affecting security.
  • Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords.
  • Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines; develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
  • Performs complex product evaluations, recommends and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
  • Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.
  • Provides complex technical oversight and enforcement of security directives, orders, standards, plans and procedures at server sites. Ensures system support personnel receive/maintain security awareness and training.
  • Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Other Skills/Qualifications (preferred/pluses):

  • Possess security certifications (CISSP, CISM, etc.)
  • Good communication skills
  • Strong analytical and problem-solving skills to troubleshoot and resolve network/operating system security issues
  • Ability to perform and interpret vulnerability assessments
  • Ability to administer the operations of a security infrastructure
  • Ability to balance and prioritize work

Qualifications

Basic Qualifications:
  • Bachelor's degree or equivalent combination of education and experience
  • Three or more years of experience in network, host, data and/or application security in multiple operating system environments
  • Demonstrated experience working with IP networking, networking protocols and understanding of security-related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
  • Demonstrated experience working with internet, web, application and network security techniques and working with relevant operating system security (Windows, Solaris, Linux, etc.)
  • Proven experience working with leading firewall, network scanning and intrusion detection products and authentication technologies
  • Demonstrated experience working with federal regulations related to information security (FISMA, Computer Security Act, etc.) and with NIST Special Publications and C&A process methodology

Wednesday, April 29, 2009

Security Engineers, Washington DC

Requirements:

* 4 years of experience in LAN/WAN network
* 3 years of experience in network security in areas such as infosec, IDS, etc.
* 3 years of experience in working with federal IT Security policies and procedures.
* Experience working as a network/security lead is desired.
* Excellent communication skills are required.

The client will accept candidates with Secret clearances and upgrade them to Top Secret. Please respond with your resume if you are interested in hearing more.

This is located in downtown DC and our client will interview very quickly.

Tuesday, November 11, 2008

Information Security Analyst

POSITION DESCRIPTION:
Reports to the Information Technology Security Team Project Manager. The Information Security Analyst acts as a consultant, interfacing between the customer and IT security consulting team throughout the federal information system certification and accreditation life cycle. Responsible for NIST certification and accreditation as primary task area. Provides internal status reports, enforces quality control of project deliverables, and implements efficient processes and procedures for continuing improvement of services for the customer. The ideal candidate is very detail oriented with strong technical knowledge, superior writing skills, and excellent customer relationship management skills. He or she will be responsible for planning, developing, finalizing, and reviewing key deliverables in each stage of the certification and accreditation process. The Information Security Analyst will be actively engaged in identifying unique system characteristics; interviewing key organizational personnel (technical, administrative, and executive); working with the consulting team to compose requisite documentation (security categorizations, risk assessments, contingency planning, etc.); and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices.
The analyst will coordinate and plan all certification and accreditation activities for existing systems and those still in development (SDLC); provide ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc.; work face-to-face with multiple stakeholders through interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition; conduct in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines; and analyze business models, workflows, and organizational dimensions as they relate to the design, implementation, and support of the information system.

REQUIRED EDUCATION:
Bachelor's degree in related field and 4+ years of related experience. Must have bachelor's degree or higher; no waivers accepted.

REQUIRED SKILLS:
Knowledge and hands-on experience with IT security architecture and design (firewalls, intrusion detection systems, virtual private networking, and virus protection technologies, LAN/WAN design, and general internetworking technologies), various operating systems and hardware, and basic programming and database training. Proficiency with advanced features of Microsoft Word 2003 and other Microsoft Office Suite 2003 applications including Outlook, PowerPoint, and Excel. Experience with Adobe Acrobat Professional. Excellent technical writing skills in the English language, excellent written and oral communication skills, desktop publication skills. Ability to work with minimal supervision, set priorities, and give attention to detail and quality, flexible, strong organizational and time management skills, ability to multi-task, ability to work individually and with a team, positive attitude, self-motivated, reliable, trustworthy, strong interpersonal skills, diplomacy, and ability to handle stress in a professional manner. Professional business attire is required for client site work. The candidate must possess one or more of the following certifications: CISSP, CISA, CISM, GIAC, MCSE, CCNA, CCNP, GSSP, GPEN.

DESIRED SKILLS:
Knowledge of OMB A-130, FISMA, OMB Memos, Privacy Act of 1974, HIPAA, and Sarbanes-Oxley, and NIST Special Publications 800 series, and one or more of the following certifications: ITILv3, COBIT. Experience in the financial services market is beneficial but not required.

SECURITY CLEARANCE REQUIREMENTS:
U.S. citizen and High Public Trust clearance (6C).

WORK LOCATION:
Hyattsville, MD. Travel: 0-25%.

WORK HOURS:
Day shift, Monday through Friday, 40 hours/week.