Information Assurance/Cyber Security Specialist-Senior (Job Number:439818)
- This position is within the Vanguard 2.2.1 program's Information Assurance (IA) Directorate, supporting assessment and authorization (A&A) of the DOS major applications.
- This position will require significant interaction with the DOS and contractor staff and with the DOS Information Assurance (IA) office.
- The work location is in the Washington, D.C. Metropolitan area but may require CONUS travel for short trips.
Description of Duties:
- Leading large/complex security assessments of customer systems, services, and programs.
- Supporting and interacting with customers, at the highest levels, as well as providing oversight to less experienced staff.
- Analyzing customer processes and configurations to verify that previously identified flaws have been corrected, and documenting the results.
- Developing approaches for industry-specific threat analyses, application-specific penetration tests, and the generation of vulnerability reports.
- Developing detailed remediation reports and recommendations for compliance and security improvements across industries based on changing threats.
- Developing and updating a consistent approach to information security programs and adherence to best practices.
Bachelor's degree in a related field and 14+ years of experience or no degree with an additional 18+ years of experience
- Experience assessing Federal information systems' compliance with the Federal Information Security Management Act (FISMA). Specifically, conducting independent security control assessments in accordance with NIST SP 800-53, 800-53A, CNSSI 1253, and the Risk Management Framework (RMF) described in NIST SP 800-37.
- Clearly articulate requirements and other information in written documentation and effectively communicate technical and non-technical concepts to a variety of audiences.
- Broad understanding or knowledge of risk management practices and security program development including change management, access control, and physical security.
- Direct experience involving configuration, deployment, and administration of network appliances, operating systems, and databases.
- Demonstrated excellent technical skills in one or more focus areas (i.e. networking, messaging support (Exchange), Active Directory, system administration, etc.).
- Demonstrated strong organizational and time-management skills: multitasking, working individually and with a team, having a positive attitude, being self-motivated and reliable, being trustworthy, having strong interpersonal and diplomatic skills, and being able to handle stress in a professional manner.
- Proficiency with Microsoft Office.
- Experience with Xacta
- Experience with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) required.
- TOP SECRET clearance.
- ISC2 Certified Authorization Professional (CAP).
- Hands-on experience with and knowledge of IT security architecture and design (e.g., firewalls, intrusion detection systems, virtual private networking, virus protection technologies, LAN/WAN design, and/or general internetworking technologies).
- Experience with one or more information security frameworks such as SAS70/SSAE No. 16, PCI, NERC CIP, Nuclear Energy Institute (NEI) 0809, HIPAA, GLBA, SOX, etc.
- Broad understanding of risk management practices and security program development including change management, access control, and physical security.
- Broad IP network and security engineering experience including a basic understanding of IP routing, quality of service mechanisms, MPLS, and IPsec architectures.
- Hands-on experience configuring, deploying, and managing mission-critical network appliances such as routers, firewalls, IDS/IPS, DPI, etc.
- Hands-on system administration experience with various operating systems including Windows, AIX, BSD, z/OS, RHEL, SUSE, HPUX, QNX, etc.
- Hands-on system administration experience with DB2, MS SQL, Oracle, Sybase, etc.
- Experience with various programming languages.
- Experience with system development lifecycles (SDLCs).
- Experience with change management processes.
- Have a Security+ certification and be actively working towards the CISSP.
SAIC Overview: SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC is Redefining Ingenuity through its deep customer and domain knowledge to enable the delivery of systems engineering and integration offerings for large, complex projects. SAIC's approximately 15,000 employees are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see My SAIC Benefits. EOE AA M/F/Vet/Disability
Job Posting: Sep 5, 2018, 1:48:08 PM
Primary Location: United States-VA-ARLINGTON
Clearance Level Must Currently Possess: Top Secret
Clearance Level Must Be Able to Obtain: None
Potential for Teleworking: No
Shift: Day Job