JOB DESCRIPTION: Serve as a Blue Team Vulnerability Assessment Team Lead. Lead the coordination and collaboration of assessment. Ensure team composition support all aspects of the assessment scope. Ensure applicable Blue Team Vulnerability Assessment discipline is achieved, leverage customer/contractual Vulnerability Assessment Process Framework to include documentation creation and review as it relates the assessment, resource load assessment schedules, and document risk/issues. Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts Blue Team risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises. Involved in a wide range of security issues including vulnerability assessment architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and mitigate vulnerabilities, and intrusions. Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. Applies advanced technical principles, theories, and concepts. Contributes to development of new principles and concepts. Participates with senior managers to establish strategic plans and objectives. Recommends/makes decisions on administrative or project work matters and ensures effective achievement of program, project, or organizational objectives. PROBLEM COMPLEXITY: Works on unusually complex technical problems and provides solutions which are highly innovative and ingenious. FREEDOM TO ACT: Works under consultative direction toward pre-determined long-range goals and objectives. Assignments are often self-initiated. Determine and pursue courses of action necessary to obtain desired results. Work checked through consultation and agreement with others rather than by formal review of supervisor. Exercises independent judgment in methods, techniques and evaluation criteria for obtaining results. IMPACT: Develops advanced technological ideas and guides their development into a final product. Erroneous decisions or recommendations would typically results in failure to achieve critical organizational objectives and affect image of organization's technological capability. LIASON: Serves as organization spokesperson on advanced projects and/or programs. Acts as advisor to management and customers on advanced technical research studies and applications.
TYPICAL EDUCATION AND EXPERIENCE: Bachelors and fourteen (14) years or more experience; Masters and twelve (12) years or more experience; PhD or JD and nine (9) years or more experience.
Certified Information Systems Security Professional (CISSP)
My SAIC Benefits.