U.S. Citizenship is required. Must be eligible to submit for a government security clearance.
- Conduct system assessments in accordance with NIST SP 800-53 Security Control List, which includes physical security controls, and user interviews.
- Conduct automated and manual vulnerability testing on major applications and network infrastructures.
- Develop, implement, and execute a technical assessment test plan.
- Create detailed assessment reports which include detailed system overviews, risk analysis calculations, and a findings matrix.
- Capable of assessing security risk exposure through analysis of implemented security monitoring tools (Splunk, Foundstone, W32 logs, etc.).
- Capable of translating technical security issues into business risk/impact for reports to senior leadership.
- Interview Operations and Management staff in order to gather relevant system data and configuration details.
- Capable of translating as-built system information into security and system documentation.
- Experience in system assessments for Federal IT systems (FIPS 199, NIST 800-53, FISMA, FISCAM, etc.).
- 7+ years’ experience in the Certification and Accreditation process with a full understanding of the System Development Life Cycle and FISMA process is required.
- Experience with network (router, switch, firewall configuration), Web and database (SQL) security scanning.
- Extensive experience working with Foundstone, Web Inspect, and AppDetective vulnerability scanning tools is desired.
- Must have strong familiarity with NIST, US-CERT, & FEA.
- Experience conducting vulnerability testing on Windows and virtualized environments.
- Experience reviewing, understanding, or creating system security plans (SSP), network diagrams, standard operating procedures (SOPs), and system design documents (SSD).
- Demonstrated oral/written communication and client-facing skills.
- Experience with a variety of network communication protocols, with particular emphasis on wireless and mobile communications.
- Experience with DOJ CSAM is a big plus.
Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), or similar security professional certification
Bachelor of Science in MIS or EE; BA/BS (desired)
Intelligent Decisions - 19 months ago
Since 1988, Intelligent Decisions (ID) has been developing innovative IT solutions to solve the most challenging requirements of our client,...