IT Security Specialist

Overview

On Site
Full Time

Skills

Spring Framework
Regulatory Compliance
Auditing
Continuous Monitoring
Policies and Procedures
Risk Management
Risk Assessment
Information Architecture
Impact Analysis
Information Assurance
NIST 800-53
Security Clearance
Computer Science
Information Technology
Software Engineering
FISMA
IT Security
Network Administration
Database Administration
Presentations
Operating Systems
Microsoft Windows
Unix
Linux
Cisco IOS
Nessus
Penetration Testing
Nmap
Metasploit
Documentation
NIST SP 800 Series
Publications
FIPS
Risk Management Framework
RMF
Conflict Resolution
Problem Solving
Communication
PASS
CompTIA
Network+
Security+
GCIH
GSEC
Information Security
Leadership
Authorization
System Security
SSCP
CISSP
Information System Security
ISACA
CISM
Information Systems
CISA
Network
Electronic Commerce
Certified Ethical Hacker
CMMI
Computer Hardware
Systems Engineering
Software Development
Technical Support
Cyber Security
Testing
Evaluation
Management
Recruiting

Job Details

Job Title: IT Security Specialist

Location: Silver Spring and Suitland, MD; any other site may be added in response to future requirements

Syneren is currently looking for an IT Security Specialist to support a team of security experts and the ISSO / Federal customer with A&A functions, on-site pentesting operations, and general IT security support related to Federal Government compliance, continuous monitoring, and risk assessment.

Responsibilities:

Responsible for assisting the system ISSO in Assessment and Accreditation (A&A) functions, pentesting (including but not limited to the discovery and exploitation of system vulnerabilities), security solution development, continuous monitoring, and FISMA Assessments for a local Federal Civilian Agency. Duties include assisting with and/or performing any or all of the following:
  • Possess intermediate to senior level proficiency in both A&A functions and hands-on pentesting at NOAA sites in Maryland
  • Possess excellent oratory skills to convince our customer about the quality of work performed based on the detailed understanding of the system; utilize proficient, clear and concise written and verbal communication skills in order to interact with clients; communicate with individuals at various levels of expertise in subject areas of concern
  • Conduct A&A and perform all continuous monitoring functions and assist in maintaining Systems Authorization to Operate (ATO)
  • Oversight and development of POA&Ms as part of the Assessment and Accreditation
  • Audit compliance of security plans based on the National Institute of Standards and Technology (NIST) Security Publications
  • Audit and provide guidance on the security program, which includes Governance (A&A, Continuous Monitoring, FISMA, NIST, and DOC policies and procedures)
  • Use risk management techniques to develop and complete risk assessments based on NIST standards to ensure IA design sufficiently mitigates IA risk
  • Conduct security tests and evaluations based on NIST 800-53/53A
  • Prepare and analyze reports for Security Program as well as Governance
  • Conduct vulnerability assessments based on A&A documentation, system personnel interviews, testing and analysis; additionally, identification and exploitation of system vulnerabilities are required
  • Be flexible to take up unscheduled work in times of emergency and deliver assignments on time
  • Willing to learn new skills against the backdrop of ever-changing government requirements

Required Qualifications:
  • Active Public Trust Clearance
  • BS in Computer Science, Computer Security, Cyber Security, Information Technology, Software Engineering, or other related discipline preferred
  • A minimum of 2 years of experience related to FISMA and IT Security, pentesting operations, and at least 2 years of IT support such as system and/or network administration, DBA, and/or programming
  • Must be highly skilled in presentation, with the ability to clearly and confidently communicate complex ideas to diverse audiences
  • Must be proficient with all common operating systems and network technologies (Windows, UNIX, Linux, Cisco IOS) and common security tools and scanners such as Tenable Nessus; must have hands-on experience with industry-standard pentesting tools like Nmap and Metasploit
  • Must have experience preparing NIST-based Assessment and Authorization documentation/package, be able to analyze and evaluate system scan results and data from a security and risk perspective, and provide effective mitigation recommendations
  • Must have knowledge of the NIST 800 series publications, FIPS 199, FIPS 200, and the NIST Risk Management Framework (RMF)
  • Must have the ability to work independently under aggressive timelines and have flexibility to take up new assignments when needed
  • Must be an efficient, positive, results-driven, problem-solving, team player, and be willing to help other team members in need
  • Must have good verbal and written communication skills, to include briefing skills to a large audience
  • Must be able to pass a full background investigation and obtain a security badge to enter the applicable government facility
  • Applicants must have one of the following certifications:
      o CompTIA A+
      o CompTIA Network+
      o CompTIA Security+
      o GIAC Certified Incident Handler (GCIH)
      o GIAC Security Essentials Certification (GSEC)
      o GIAC Security Expert (GSE)
      o GIAC Information Security Professional (GISP)
      o GIAC Security Leadership Certification (GSLC)
      o ISC2 Certified Authorization Professional (CAP)
      o ISC2 System Security Certified Practitioner (SSCP)
      o ISC2 Certified Information System Security Professional (CISSP)
      o ISC2 Certified Information System Security Associate (CISSA)
      o ISACA Certified Information System Manager (CISM)

Preferred Qualifications:
  • Certified Information Systems Auditor (CISA)
  • GIAC Systems and Network Auditor (GSNA)
  • Electronic Commerce Council Certified Ethical Hacker (CEH)

Physical Requirements:
  • Prolonged periods in stationary position at a desk and working on a computer.
  • Must be able to lift up to 15 pounds at times.
  • The person in this position needs to occasionally move throughout the office, including across longer distances such as from the building entrance to the workspace.

About Syneren: Syneren is an award-winning, CMMI Level 3 certified, high-quality provider of technology solutions for the government as well as commercial sectors. Founded in 2003, we have been broadening our services to cover an array of disciplines, including Hardware and Systems Engineering, Software Development and Testing, IT Systems Support, Cyber Security, Independent Testing and Evaluation, and Program Support. Notably, our innovative and effective solutions are delivered consistently by a highly qualified staff and management team. Syneren is committed to providing exceptional solutions that meet the client mission needs.

Thank you for your interest in Syneren Technologies Corporation. Syneren Technologies Corporation is an Equal Opportunity/Affirmative Action Employer. This business uses E-Verify in its hiring practices to achieve a lawful workforce. E-Verify is a registered trademark of the U.S. Department of Homeland Security.

Equal Opportunity Employer, including disabled and veterans.