Tuesday, September 15, 2009

C & A Analyst - Washington DC

Principal Duties and Responsibilities:


  • Develop, update, and maintain appropriate Certification & Accreditation packages based on NIST standards for general support systems and major applications
  • Recommend appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major application
  • Develop and maintain POA&M for all accepted risks upon completion of system C&A.
  • Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the system certification guidelines and procedures 
  • Able to provide support and guidance through the POA&M remediation process, C&A progress, including compliance monitoring of C&A artifacts, annual self-assessments (NIST 800-53), vulnerability scans.
  • Awareness of current information security issues and the ability to interpret the requirements of relevant policies and standards set forth in NIST documentation, specifically, 800-37, 800-53, FIPS-199/200, and 800-30.
  • Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with information technology security.
  • Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develop, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.

General Skills:

  • Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network or other event affecting security.
  • Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords.
  • Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines; develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
  • Performs complex product evaluations, recommends and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
  • Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.
  • Provides complex technical oversight and enforcement of security directives, orders, standards, plans and procedures at server sites. Ensures system support personnel receive/maintain security awareness and training.
  • Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Other Skills/Qualifications (preferred/pluses):

  • Possess security certifications (CISSP, CISM, etc.)
  • Good communication skills
  • Strong analytical and problem solving skills to troubleshoot and resolve network/operating system security issues
  • Ability to perform and interpret vulnerability assessments
  • Ability to administer the operations of a security infrastructure
  • Ability to balance and prioritize work


    Basic Qualifications
  • Bachelor's degree or equivalent combination of education and experience
  • Three or more years of experience in network, host, data and/or application security in multiple operating system environments
  • Demonstrate experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
  • Demonstrated Experience working with internet, web, application and network security techniques and working with relevant operating system security (Windows, Solaris, Linux, etc.)
  • Proven experience working with leading firewall, network scanning and intrusion detection products and authentication technologies
  • Demonstrated experience working with federal regulations related to information security (FISMA, Computer security Act, etc.) and with NIST Special Publications and C & A process methodology

Wednesday, April 29, 2009

Security Engineers, Washington DC


* 4 years of experience in LAN/WAN network
* 3 years of experience in network security in areas such as infosec, ids, etc.
* 3 years of experience in working with federal IT Security policies and procedures.
*  Experience working as as network/security lead is desired.
*  Excellent communication skills are required

The client will accept candidates with Secret clearances and upgrade them to Top
Secret. Please respond with you resume if you are interested in hearing more.

This is located in downtown DC and our client will interview very quickly.