Senior Security Assessor-207 9/2/2016

SE Solutions Washington, DC

Company
SE Solutions
Job Classification
Full Time
Company Ref #
oeqQ3fwh
AJE Ref #
576068045
Location
Washington, DC
Experience
Mid-Career (2 - 15 years)
Job Type
Regular
Education
Bachelors Degree

JOB DESCRIPTION

APPLY
DESCRIPTION

Our Cybersecurity Division is searching for Senior Security Assessors to support a government customer with the evaluation of multiple government information systems, as well as providing risk management advisory services on the continued operations of IT deployments. The Assessor will be responsible for the the analysis and evaluation of security control implementations, reviewing engineering practices and security architecture, as well as other cybersecurity-related tasks and activities. As a senior member of one of our DHS support teams, you will play an important role performing a wide array of IT Security and Security Control Assessment (SCA) support activities for systems across the U.S., including:

* Supporting Local Area Network (LAN) asset, configuration, and vulnerability management.

*

Assess the organization s existing IT security program, work products, and tools in relation to key agency mission, security goals, and objectives.
*

Develop, engineer and implement sustainable security solutions designed to address program gaps.
*

Assess and articulate risk in relation to mission/business objectives and processes. * Review and document security processes and status in support of security authorization (also referred to as C&A) activities.

Minimum Education

* Bachelor s Degree or higher; preferably in computer science, information technology, or a related field

* At least one IT Security Certification (e.g., Security +, CEH, CISSP, etc.)



Minimum Years of Relevant Experience

* 5 or more years within the information technology domain

* 2 or more years directly supporting security of IT systems



Required Skills

* Familiarity with one or more of DHS Directive 4300A, FIPS Pubs 199 & 200, and NIST Special Pubs 800-30, 800-37, 800-39, 800-53, 800-60

* Experience as an Information System Security Officer (ISSO)

* Experience with Vulnerability, Configuration, and Asset Management tools in support of Continuous Monitoring

* Experience with POA&M management

* Performing Security Authorization

* Performing Risk Analysis and Assessment



The candidate should be able to support a minimum of four of the areas listed:

* Security Control Assessment

* Security Code Analysis

* Product Evaluation

* Document Review and Security Technical Writing

* Risk Assessment and Risk Management

* Policy and Audit Services



Preferred Skills

* Penetration testing experience

* Security engineering on mobile platforms preferred

* Familiarity with commercial products and current Internet/EC technology

*

Facilitate agency awareness of current IT security infrastructure and recommend programmatic and systems actions to improve the agency IT security posture.



Demonstrated capabilities performing the following is required:



*

Ensuring the automated monitoring of information system assets through Continuous Diagnostics and Mitigation (CDM) tools and sensors;
*

Maintaining an asset inventory of hardware and software within the program/development offices or field site facility;
*

Ensuring that security requirements for the assigned major application or general support system are being or shall be met;
*

Ensuring that requests for Security Authorization (SA, also commonly referred to as Assessment & Authorization or Certification and Accreditation) of assigned major application or general support system is completed in accordance with the published procedures;
*

Coordinating the development of a Contingency Plan and ensuring that the plan is tested and maintained;
*

Ensuring risk analyses are completed to determine cost-effective and essential safeguards in alignment with government and industry best practice (e.g. NIST 800-30, 37, 39);
*

Ensuring preparation of security plans for sensitive systems and networks;
*

Reporting IT security incidents (including computer viruses) in accordance with established procedures;
*

Reporting security incidents not involving IT resources to the appropriate security office; and representing the security team as part of change management for assigned information systems.

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.