The IT Security Specialist is responsible for the application security function and for information technology security (Cybersecurity/InfoSec) engineering, and design and serves as a technical expert authority. The OIG s information resources are sensitive assets and are critical in the performance of its mission; therefore, information security services help safeguard the information resources entrusted to the OIG.
Responsibilities:
Solve significant problems complicated by interfaces and inter-relationships between and among programs, systems, functions, applications, and numerous critical issues for agency-wide information technology solutions, operations, and maintenance supporting the security of agency infrastructure, systems, and information
Manages and administers a wide range of security systems and tools:
- Administers cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions.
- Responsible for primary or alternate management of all IT Security systems including patch management, upgrades, integration engineering, and reporting.
Executes security related operational activities
- Manages security incident detection, response, remediation.
- Conducts cyber threat and vulnerability analysis and remediation.
- Develops security metrics and manages reporting and compliance.
- Serves as Incident Response Team member.
- Supports operational implementation of FISMA/NIST standards and industry best practices.
- Operates cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions.
- Manages IT Security awareness training program in coordination with the Learning Management team, to including developing and delivering IT Security awareness training modules.
- Manages Password Management system in coordination with Service Desk.
- Responds to IT Security trouble tickets generated by customers and IT staff. Identifies solutions, works with customer and OCIO team to execute solutions, and manages ticket input, updates, and resolution in the OCIO ticketing system to maintain service level agreements.
Supports Security Operations and Engineering by providing technical solution support and expertise
- Identifies security risks and recommends risk mitigation strategies.
- Reviews new and existing systems to ensure baseline security requirements are met and to recommend security enhancements.
- Develops security architecture and technical solutions for security products.
- Collaborates with staff from OCIO and other business components to develop security controls and solutions for complex business systems and applications.
- Develops and executes project plans to engineer, construct, deploy, and monitor/manage IT Security infrastructure solutions
- Demonstrates in-depth understanding of security requirements associated with cloud- hosted environments, services, and solutions.
- Evaluates, recommends, and implements security controls associated with cloud-hosted environments, services, and solutions.
Required Skills
- Bachelor's Degree in Cybersecurity/Information Technology Security or related field of study from an accredited college or university
- At least 5 years of specialized experience with hands-on skills in performing application security assessments and specialized experience in Secure SDLC and Source Code Analysis (Manual &Tools) on Web-based Applications
- Must have hands-on experience with Static and Dynamic Application Security Testing using tools like HP Fortify, HP WebInspect, HCL Appscan, Snyk, Checkmarx, Synopsys, and Veracode
- Must have specialized experience in Continuous Integration (CI) and Continuous Deployment (CD) practices
- Must have specialized experience in manual code review with the ability to identify potential vulnerabilities and best coding practices
- Must have specialized experience in application vulnerability and security assessments using various tools like Burp Suite Pro, OWASP Zap Proxy, DirBuster, Kali Linux, Metasploit Pro, Accunetix, Insight AppSec, GitLab, Coverity, Fortify, and GitHub Enterprise
- Must have specialized experience in assessing application vulnerabilities and bugs in various applications
- Must have specialized experience creating security testing pipelines and test plans
- Must have specialized experience in implementing and deploying an organization-wide Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in development and production environments
- Must have knowledge of coding languages such as Java, .NET, Python, PHP, C++, C#
- Must have extensive experience in preparing test Plans, writing test Cases, test Execution and follow up remediation efforts
Clearance: Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
Compensation and Benefits:
Salary Range: $130,000 - $140,000 (Compensation is determined by various factors, including but not limited to location, work experience, skills, education, certifications, seniority, and business needs. This range may be modified in the future.)
Benefits: Gridiron offers a comprehensive benefits package including medical, dental, vision insurance, HSA, FSA, 401(k), disability & ADD insurance, life and pet insurance to eligible employees. Full-time and part-time employees working at least 30 hours per week on a regular basis are eligible to participate in Gridiron s benefits programs.
Gridiron IT Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status or disability status.
Gridiron IT is a Women Owned Small Business (WOSB) headquartered in the Washington, D.C. area that supports our clients' missions throughout the United States. Gridiron IT specializes in providing comprehensive IT services tailored to meet the needs of federal agencies. Our capabilities include IT Infrastructure & Cloud Services, Cyber Security, Software Integration & Development, Data Solution & AI, and Enterprise Applications. These capabilities are backed by Gridiron IT's experienced
Never miss an opportunity! Create an alert based on the job you applied for.
