- Determine enterprise information assurance and security standards.
- Coordinate, develop, and evaluate security programs for an organization.
- Anticipate and protect for possible security threats and identifying areas of weakness in a network system
- Analyze general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
- Ensures that all information systems are functional and secure and provide integration and implementation of the computer system security solution. Review and update Change requests as needed for security
- Design, develop, engineer, and implement solutions that meet security requirements.
- Provide integration and implementation of the computer system security solution.
- Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.
- Conduct regular system tests and ensuring continuous monitoring of network security
- Develop project timelines for ongoing system upgrades
- Ensure all personnel have access to the IT system limited by need and role working in tandem with IT
- Promptly respond to all security incidents and providing thorough post-event analyses
- Develop and implement information assurance/security standards and procedures.
- Recommend information assurance/security solutions to support customers’ requirements.
- Identify, report, and resolve security violations.
- Establish and satisfy information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.
- Support customers at the highest levels in the development and implementation of doctrine and policies.
- Apply know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
- Perform analysis, design, and development of security features for system architectures.
- Analyze and define security requirements for computer systems which may include servers, workstations, and personal computers.
- Support of IT audits (3rd party commercial and/or federal government such as ISO, CMMI, CMMC, FISMA)
- Support CMMC (Cybersecurity Maturity Model Certification) assessments and audits
- Manage Plan Of Action and Milestones (POA&M) resulting from security assessment
- Develop and maintain organizational SSP (system security plan)
- Hands-on experience with tools such as EventLog analyzers, Tenable, Sentinel and ticketing systems
- Strong understanding of network, storage, Incidence Reponses and DR/COOP. Establish disaster recovery procedures and conduct DR breach security drills and tests and Incident Response Tests
- Identify, document, and mitigate risks to evaluate risk posture for the organization
Requirements: (Clearance/Citizenship) US Citizen, Green Card Holder
- Vast experience in information security and/or IT risk management with a focus on security, performance, and reliability
- Solid understanding of security protocols, cryptography, authentication, authorization and security
- Good working knowledge of current IT risks and experience implementing security solutions
- Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
- Ability to interact with a broad cross-section of personnel to explain and enforce security measures
- Excellent written and verbal communications as well as business acumen
Education:Information Technology, Computer Science or related field
CISSP, CRISC or similar IT Security certification preferred
Shift information: 8-5
Travel: None –