This is a mid-level position. Provides support with planning, coordinating, and implementing the organization’s information security. Provides support for facilitating and helping agencies identify their current security infrastructure and define future programs, design and implementation of security related to IT systems. Experience in several of the following areas is required: understanding of business security practices and procedures; knowledge of current security tools available; hardware/software security implementation; different communication protocols; encryption techniques/tools; familiarity with commercial products; and current Internet/EC technology. Responsible for the identification of security controls and security requirements for IRS information systems and applications. Prepares security portions of artifacts in support of the IRS Enterprise Lifecycle. Prepares documentation in support of Security Assessment and Authorization. May perform vulnerability assessments and/or penetration testing of information systems. Provides technical input to the Senior Security Specialist related to FISMA issues and, when required, provides technical input to the IRS FISMA reporting team.
The Security Specialist will provide the following essential functions/services:
- Review detailed descriptions of the controls, provide edits and feedback on their actionable quality, and, based on the descriptions, perform tests to prove the validity of these assertions through interviews, examination of evidence, and either overseeing or directly running technical scanning tools against targeted systems.
- Ensuring that security requirements for the major application or general support system are compliant and consistent with NIST and Department of the Treasury security policy and procedures.
- Ensuring that requests for certification and accreditation of computer systems are completed in accordance with the published procedures.
- Coordinating the development of a Contingency Plan and ensuring that the plan is tested and maintained.
- Ensuring risk analyses are completed to determine cost-effective and essential safeguards.
- Ensuring preparation of security plans for sensitive systems and networks.
- Providing input to appropriate IT security personnel for preparation of reports to higher authority concerning sensitive and/or national security information systems.
- Preparing or updating the following documents: SSP, RA, CM, CP, IRP, ST&E (SCA Plan and Report), SAR, POA&M and MOU/ISA/MOA.
Knowledgeable and experienced in all aspects of security. Provides highly technical and specialized guidance, and solutions to complex security problems. Performs analyses and studies. Prepares reports and gives presentations to management. Performs duties independently or as a member of a team.
CSSS.NET - 17 months ago