Sr. Information Assurance Subject Matter Expert

Application Servers, CISSP, Development, Firmware, Management, Metrics, Networking, Networks, PMP, Research, SDLC, Security, Testing, VMware, Windows
Full Time
Work from home not available. Travel not required.

Job Description

VariQ is seeking a Sr. Information Assurance Subject Matter Expert.
Additional Information:

* Location: St. Elizabeth's campus in Washington, DC

* Salary: Dependent upon experience

* Security Clearance: Active TS (DoD) is required, and an active DHS EOD 6c clearance is HIGHLY desired

* Available: ASAP



* Work with other information and physical security system security personnel, IT Operations and Enterprise Management System engineering teams, and others to implement, refine and maintain an appropriate vulnerability and patch management security program

* Manage the St. Elizabeth's Vulnerability Management Team tasked with:

  * Defining/supporting DHS vulnerability management and security assessment standards and metrics

  * Conducting and maintaining vulnerability scanning on networks, systems and applications

  * Producing actionable, risk-based reports on security assessment results

  * Managing, training and mentoring more junior team members

  * Assisting with vulnerability remediation when necessary

  * Developing and maintaining security plans and security testing plans

* Deliver expected results based on appropriate FISMA score category targets across 7 of 11 security automation domains for Continuous Monitoring of system risk

* Report directly to IA SME Lead and assist other security life cycle activities as necessary

* Direct Recertification & Accreditation activities for 8 (eight) discrete IP-based networks and assist IA SME Lead with managing schedule to completion (ATO)

* Be responsible and accountable for all task and reporting deadlines

* Continuously improve risk models, metrics, reports, processes, and activities

* Manages the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.

* Supervises assigned staff.

* Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.

* Perform preliminary forensic evaluations of internal systems.

* Interfaces with client to understand their security needs and oversees the development and implementation of procedures to accommodate them.

* Ensures that the user community understands and adheres to necessary procedures to maintain security.

* Weighs business needs against security concerns and articulates issues to management and/or customers.

* Maintains current knowledge of relevant technology as assigned.

* Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation

* Participates in special projects as required.



* Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical training, or work experience.


* 10-12 years of information security management experience, preferably in the DoD/DHS/DOE context

* Advanced knowledge of network security concepts, best practices and procedures including FISMA/NIST RMF and DITSCAP/DIACAP

* Experience managing vulnerability mitigation and information security process in an enterprise environment

* Experience managing vulnerability assessment teams

* Proven ability to lead customer-facing reporting and negotiation activities

* Ability to produce and disseminate reports for vulnerability assessments and compliance reporting

* Strong knowledge of Windows client/server, *NIX systems, VMware, networking, VTC/VoIP, device firmware, web/application servers, databases, and network architectures (hands-on preferred; manages highly technical team)

* Ability to manage vendor relationships and track externally dependent patching activities, driving the threat research life cycle

* Ability to learn complex computing environments quickly; memorization skills desired

* Broad understanding of all aspects of IT and enterprise systems interoperability (OSI Model, SDLC, ITIL, etc.)

* Coordinate with other team (SOC, IR, RMD, Ops, Management, etc.) activities as necessary

* Support threat intelligence activities when required

Required skills/experience:

* ISSO experience a must

* Current DHS HQ Entry on Duty (EOD) holders given preference

* DoD Top Secret required

* Strong communication skills and the ability to work with diverse teams

* CISSP certification or other DoDI 8570 IAM II required (will consider other management certs, e.g., PMP)

VariQ is an equal opportunity employer.

Category: Information Technology
Dice Id : 10286792
Position Id : 3319