Thursday, March 20, 2008
Security Analyst
We have a requirement for one security analyst starting in April 2008 through at least September 2008.. The individual must have a good understanding of the Information Security Body of Knowledge, with FISMA and NIST security standards, CObIT Controls Framework, Sarbanes-Oxley Technical Standards, and hands-on experience performing certification reviews based on NIST security control requirements (Special Publication 800-53) and Information Security audits based on SOX 404. The individuals will be assigned to work with existing security staff to assist with the evaluation of internal controls and will assist with the redesign of controls that need to be strengthened to satisfy SOX 404 certification requirements. Individual must have work experience with both FISMA and SOX.
Both CISSP and CISA certification are required.
Certification & Accreditation Professional/Information Security Leader - Washington DC
Travel: New Mexico 30-50%( All covered)
Clearable
- Develop and execute a Certification & Accreditation program within a major Government Agency. Must possess experience with NIST or DITSCAP standards. Requires 5 years of related security experience with a BS degree. If candidate does not possess a degree then he/she must possess 9 years of experience. It is preferred that this person be a current Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar security professional certification.
Principal Duties and Responsibilities:
**Develop, update, and maintain appropriate Certification & Accreditation packages based on NIST standards for general support systems and major applications
**Recommend appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major application
**Develop and maintain POA&M for all accepted risks upon completion of system C&A.
**Assist the government with developing a network of public and private sector organizations capable of providing cost effective, quality, system and network security assessment and certification based on unified federal guidelines and procedures
**Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the system certification guidelines and procedures - Able to provide support and guidance to ISSO/SO's through the POA&M remediation process, Certification & Accreditation (C&A) progress, including compliance monitoring of C&A artifacts, annual self-assessments (NIST 800-53), vulnerability scans.
- Able to assist with many other ISSO responsibilities including documentation, policy compliance, and CM review, as well as user training.
- Working knowledge of the Trusted Agent FISMA Tool (TAFT) and the Risk Management System (RMS).
- Awareness of current information security issues and the ability to interpret the requirements of relevant policies and standards set forth in NIST documentation, specifically, 800-37, 800-53, FIPS-199/200, and 800-30.
- Working knowledge of Microsoft Office Suite (to include Excel, Word, and Powerpoint).
- Ability to work effectively in a team management environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.
- Assist in ongoing training efforts for TAFT, RMS, FISMA and related IT Security mandates which may include developing and presenting briefings given to an audience of other IT professionals.
- Participates in the development and maintenance of reports which serve to monitor and track multiple FISMA related metrics.
- Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with information technology security.
- Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develops, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.
General Skills:
- Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network or other event affecting security.
- Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords.
- Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines. Develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
- Performs complex product evaluations, recommends and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
- Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.
- Provides complex technical oversight and enforcement of security directives, orders, standards, plans and procedures at server sites. Ensures system support personnel receive/maintain security awareness and training.
- Assesses the impact on the business unit/customer caused by theft, destruction, alteration or denial of access to information and reports to senior management.
- Provides leadership and work guidance to less experienced personnel.
- Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
Other Skills/Qualifications (preferred/pluses):
- Possess security certifications (CISSP, CCNA, etc) and/or top secret security clearance
- Good communication skills
- Strong analytical and problem solving skills to troubleshoot and resolve network/operating system security issues
- Ability to perform and interpret vulnerability assessments
- Ability to administer the operations of a security infrastructure
- Ability to balance and prioritize work
Qualifications
Basic Qualifications
- Bachelor's degree or equivalent combination of education and experience
- Seven or more years of experience in network, host, data and/or application security in multiple operating system environments
- Demonstrate experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
- Demonstrated Experience working with internet, web, application and network security techniques and working with relevant operating system security (Windows, Solaris, Linux, etc.)
- Proven experience working with leading firewall, network scanning and intrusion detection products and authentication technologies
- Demonstrated experience working with federal regulations related to information security (FISMA, Computer security Act, etc.) and with NIST Special Publications and C & A process methodology
Friday, March 14, 2008
IT Security Privacy Lead
IT Security Privacy Lead
Skills
- Senior IT professional with at least 7 years of IT experience with a concentration in IA and/or Privacy
- Knowledge of the following Privacy-related areas:
- General framework of federal statutes and regulations: laws, the United States Code, and the Code of Federal Regulations;
- NIST security risk assessment framework;
- Privacy provisions of the Privacy Act of 1974, Paperwork Reduction Act of 1995, and E-Government Act of 2002. Knowledge of OMB privacy policy memoranda and guidance issued since 2006; and
- NIST impact-based categorization scheme for federal systems.
- Two years of experience performing analyses of existing information systems and Information technology initiatives to prepare information collection requests, systems of records notices, and privacy impact assessments.
- One year of experience preparing instructional materials (briefings, policies, and procedures) associated with federal privacy management for civilian agencies.
- Strong communications skills; working knowledge of M/S Word and Excel; and ability to write and review Privacy-related documentation.
- Bachelors Degree preferred. Otherwise related Associates degree and IT Security related professional certifications. .
Job Requirements
- Serve as the OCIO Security Team expert in Privacy.
- Assist in the solution of privacy-related issues and the update of the DOL Privacy Program.
- Review DOL IT Security Privacy policies and procedures to ensure compliance with federal Privacy requirements, identify gaps, develop strategy and implement appropriate actions to close the gaps.
- Review DOL IT Security Privacy training to ensure the content is appropriate and complies with federal Privacy training requirements, identify gaps, develop strategy and implement appropriate actions to close gaps.
- Review DOL IT system privacy impact assessments (PIA) to ensure they are complete and comply with DOL and Privacy Act guidance.
- Support the DOL SSN Reduction Task Force.
- Support the DOL PII Working Group to address OMB privacy mandates.
- Update DOL privacy-related policies and procedures.
Tuesday, March 11, 2008
Information Assurance Policy Officer
Security Policy Officer will support the OCIO PMO by developing policies and procedures required to effectively and efficiently implement government security regulations to protect government sensitive but unclassified (SBU) information. The Policy will be responsible for the interpretation of government information security policies and auditing compliance of the protection of SBU.
Serve as the primary point of contact to a customer on issues related to the Federal Information Security Management Act (FISMA). This task requirement includes advising/consulting with Government personnel to produce all Federal Information Security Management Act (FISMA) reports, as well as to assist in the oversight of the development of an automated solution to expedite and standardize the reporting process.
SKILLS REQUIRED:
CISSP, CAP or CISM
Experience managing multiple tasks with competing priorities
Using MS Project and MS Office Suite
Education: BSc Information Systems Management
Years of Experience: minimum 5
Wednesday, March 5, 2008
Overseas Job Opportunity
Intrudetect has immediate openings for candidates with:
- Secret Clearance
- An active passport
- Experience working with Microsoft SharePoint and/or .NET, general experience level is junior to mid level
- Experience working overseas is preferred (but not required)
We currently have two positions that need to be immediately filled with another 5 to 10 positions to be filled later in March/April.
Position profile:
- Deployment: 9 months at military bases in the United States (primarily Shaw AFB), 3 months at USAF bases in the middle east as one of four teams (details in ppt)
- Compensation bonuses up to 70% if deployed in overseas hostile areas (Iraq, Afghanistan) Compensation bonuses of 15%-45% for deployment in less hazardous areas (Kuwait, UAE, etc.)
- Annual compensation ranges from $ 180,000 to $ 220,000
- Overseas deployments are on military bases (not in country) and involve no combat activities (patrols, watch, etc.)
- Lodging and accommodations along with a per diem is provided while deployed overseas.
Monday, March 3, 2008
Information Security Risk Analyst
Information Security Risk Analyst
Washington,DC
Skill Set requirements;
§ Minimum 8 years experience in a mission-critical production environment required
§ Minimum 8 years experience with proprietary and sensitive data classifications required
§ Demonstrated knowledge and experience of the Bank Group's and Unit's systems and business processes, policies and procedures, as well as relevant software application systems, hardware configuration and Network Architecture to implement Information Security as a process.
§ Ability to conduct standards based (COBiT/SOX) risk assessment of financial applications and processes, design and implements controls, gather auditable evidence needed to meet compliance standards.
§ Ability to develop specific proactive procedures for detection of security breaches, identifying security risks in the software development process and code promotion procedures.
§ Demonstrated conceptual, analytical and innovative problem-solving and evaluative skills, an ability to conduct independent research and analysis in the event of a security breach, identifying issues, formulating options, proactively closing the security loop-holes, and making conclusions and recommendations.
§ Demonstrate good interpersonal skills; including the ability to work effectively in a team/task force as participant or team leader.
§ Capacity to work independently and willingness to seek advice/assistance.
§ Demonstrated knowledge and experience of working on advanced technologies specifically in the areas of Identity and Access Management, PKI, User Provisioning, Role Mining, Vulnerability Assessment and Penetration Testing tools for Oracle.
§ Analyzing security configurations for Microsoft Windows NT, Microsoft Windows 2000, and Cisco IOS, Oracle 9i/10g platform.
Washington,DC
Skill Set requirements;
§ Minimum 8 years experience in a mission-critical production environment required
§ Minimum 8 years experience with proprietary and sensitive data classifications required
§ Demonstrated knowledge and experience of the Bank Group's and Unit's systems and business processes, policies and procedures, as well as relevant software application systems, hardware configuration and Network Architecture to implement Information Security as a process.
§ Ability to conduct standards based (COBiT/SOX) risk assessment of financial applications and processes, design and implements controls, gather auditable evidence needed to meet compliance standards.
§ Ability to develop specific proactive procedures for detection of security breaches, identifying security risks in the software development process and code promotion procedures.
§ Demonstrated conceptual, analytical and innovative problem-solving and evaluative skills, an ability to conduct independent research and analysis in the event of a security breach, identifying issues, formulating options, proactively closing the security loop-holes, and making conclusions and recommendations.
§ Demonstrate good interpersonal skills; including the ability to work effectively in a team/task force as participant or team leader.
§ Capacity to work independently and willingness to seek advice/assistance.
§ Demonstrated knowledge and experience of working on advanced technologies specifically in the areas of Identity and Access Management, PKI, User Provisioning, Role Mining, Vulnerability Assessment and Penetration Testing tools for Oracle.
§ Analyzing security configurations for Microsoft Windows NT, Microsoft Windows 2000, and Cisco IOS, Oracle 9i/10g platform.
Subscribe to:
Posts (Atom)