Tuesday, August 7, 2012

Information Security Analyst - Washington DC

OVERVIEW:

1. Ensure that applicable IT security policies are implemented for the system and for those aspects of system-related physical security also under their purview.

2. Ensure operational security posture consistent with current security policy is maintained.

3. Serve as the principal advisor to the AO, System Owner, or Chief Information Security Officer on all matters (technical and otherwise) involving security of the system.

4. Coordinate with the information System Owner to update the system security plan, manage and control changes to the system, and ensure that security impacts of proposed changes are evaluated by or reported to officials responsible for change control.

5. Report existing or potential security issues to the CIO, CISO, ISSM, AO, and System Owner.

6. Ensure that security incidents and the security status of the affected IT system are reported to the appropriate CSIRC.

7. Ensure that system audit trails are regularly examined and anomalies reported to the CSIRC.

8. Ensure documentation is developed and maintained detailing the IT hardware and software configuration and all security countermeasures that protect it. Generally, this is maintained in the System Security Plan.

9. Complete mandatory, specialized information security training annually.

10. Continuous Monitoring - The systems security is reviewed or tested annually in accordance with Department policy. Security controls are selected and tested annually. The selection of controls includes POA&Ms closed in the past 12 months as well as, high-volatile controls or those which are of greatest risk to the system. The Continuous Monitoring Test Plan is developed and updated annually. Testing is conducted at least annually.

11. Configuration Management - Ensure security baselines are maintained and validated at least annually. A report of the validation is provided to the CISO for annual FISMA reporting. Ensure system is in compliance with Departmental and DO security configuration management policies.

12. Training - Identify all personnel assigned any of the roles defined by the Department as having specialized IT security responsibilities in support of the system.  Ensure training information is reported to the CISO in support of annual FISMA reporting.  The CISO will identify the approach used for collection and reporting of annual training.

13. Reporting - Update information and artifacts in the Department FISMA system in accordance with Department policy and procedures. This includes quarterly review and update of: Plan of Action and Milestones, C&A dates and artifacts, Security Controls review and test results, Contingency Plan and annual Test Results, system interfaces and interconnections, personnel with specialized security roles, and the associated artifacts required by the Department for these performance measures.

REQUIRED SKILLS:

• CISSP certification with hands-on expertise in any two areas of the following: Access Control, Information Security Governance and Risk Management, Software Development Security, Security Architecture and Design, and Operations Security
• Hands-on knowledge of and experience with implementing NIST guidance such as: NIST 800 series special publications, especially 800-53 and 53A and C&A guidance, Federal Information Processing Standards Publications (FIPS), and OMB A-130
• Experience with the Federal Information Security Management Act (FISMA) regulations, policies, and procedures
• Demonstrated skill in reviewing and analyzing security documents and identifying problems/issues
• Some experience performing/participating in Certification and Accreditation activities (Risk Assessment, System Security Plan, ST&E)
• Ability to plan and execute work and determine when to escalate an issue
• Good writing and oral skills for reporting, training, and presentations
• Analytical, eye for detail
• Good client management skills for customer interaction

Our client is a large government organization that uses cutting edge technology. A drug and background check may be required.

LOCATION - Downtown Washington DC
Email your resume to careers@intrudetect.com. Intrudetect, Inc. is an EEO Employer Share

Tuesday, June 12, 2012

Solutions Architect - Project Manager - Washington DC


OVERVIEW

The Solutions Architect will be the lead technical resource involved with the creation and standup of an information and collaboration web site.  The candidate outlines web solutions and develops technical requirements.   They will need to take business requirements and translate them into technical requirements.  The candidate should be a high level solution person.  Project management experience in an enterprise web operation is necessary.  The candidate must have successfully led a web site project before.


REQUIRED SKILLS:

  • 7+ years of experience with enterprise networks
  • 5 years of web site development
  • Must have a strong understanding of Drupal, WordPress, or SharePoint, HTML, CSS scripting validation and other relevant technologies.
  • Data integration/translation/conversion
  • Strong analytical, organizational, and interpersonal skills
  • Experience interfacing with government senior managers as well as technical staff
  • Experience providing regular status reports


Additional Qualifications:

  • Technical writing experience                                                                                  
  • BA or BS degree preferred
  • Experience using MS Project
  • PMP Certification
  • Security+ Certification

Our client is a large government organization that uses cutting edge technology. A drug and background check will be required.

LOCATION - Downtown Washington DC

Email your resume to careers@intrudetect.com. Intrudetect, Inc. is an EEO Employer

Tuesday, January 24, 2012

Data Security Engineer - Washington DC

OVERVIEW

This position will be responsible for overall design, security,
administration and management of data for financial research
environment in addition to supporting other Data Security environment
systems. Position is responsible for all activities related to
architecture, implementation, management, and support of the systems
and processes and standards to ensure effective solutions for Data
management. Other responsibilities include but are not limited to
participating in other Data and Network Security engineering efforts,
Security Assessments, and special projects as assigned. The successful
candidate will be required to pass background investigations.

REQUIRED SKILLS:

Minimum five or more years of demonstrated experience in implementing,
administering, and supporting information security systems. Direct
experience managing security permissions for Windows and UNIX based
systems. Extensive understanding and/or experience with system
hardening best practices. Must be able to navigate and manage files
within the UNIX based system command line. Solid understanding of
directory schema (Active directory, LDAP, etc.). Extensive
understanding and/or experience with application security
(authentication, authorization, etc.). Experience with basic scripting
(TCL, Perl, Visual Basic, etc.). Extensive understanding of, and/or
experience with, configuring SSL for web applications and services.
Experience supporting Microsoft and UNIX based applications to
include, but not limited to, installation of software, management of
local rights, users, and file permissions. Solid understanding of
network topologies, protocols, SSL, and DNS. Capable of interpreting
task requirements, selecting appropriate methodologies, and carrying
out complex tasks to completion with minimum supervision. Extensive
understanding of information security best practices.

Our client is a large government organization that uses cutting edge
technology. A drug and background check will be required.

REQUIRED EDUCATION/SKILLS

- BS degree in Computer Science or related field plus 3+ years related
work experience
- Knowledge of Federal Government Data Security Standards, security
information management, operational, and technical requirements, NIST
Special Publications, FIPS 199, 800-60, etc.
- CISSP or equivalent industry certification
- U.S. Citizenship required and the ability to obtain and U.S. Public
Trust Suitability and/or Top Secret Clearance
- Microsoft SQL, SharePoint, Windows and Unix OS Platform Security,
AJAX, Java, Ruby, Python, .NET, Erlang
- Superior writing and analytical skills

LOCATION

- Downtown Washington DC

Email your resume to careers@intrudetect.com. Intrudetect, Inc. is an
EEO Employer