This position is established to analyze/perform work necessary to plan, document, test, implement, integrate, maintain, or modify computer systems and network configurations for solving problems relating to computer devices and network topologies.
This position requires knowledge in fields defined as information technology, computer programming, computer security, computer systems analysis, database management, information systems, Internet applications and development, software development, and related fields. This person relies on experience and judgment to plan and accomplish goals. This person develops technical documentation related to the certification and accreditation process as per the National Institute of Standards and Technology (NIST) Special Publications (SP) 800-53 Revision 3 (current) and security control test procedures based on NIST SP 800-53A Revision 1 and the Risk Management Framework 800-37 Revision 1. This position performs a variety of developmental tasks relating to security control testing and evaluation and the ensuing system analysis and documentation as it relates to each system. This position creates security control test data independently of known standards if the situation warrants in addition to coding and testing routines developed by higher-level specialists. This position is able to make relatively simple changes to existing software systems and networks based upon independent analysis and industry best practices.
This position is capable of understanding government, agency, local, tribal security guidelines as offered by agency Users Guide, computer language manuals, operating system manuals, published standards and procedures, equipment manuals, precedents, and specifications. Judgment is used in selecting among authorized methods and techniques. The position consults with supervisor when guidelines are not available or applicable.
This position is able to use all Microsoft Office products including Microsoft Visio, Excel, and Access and can draw dataflow charts and network diagrams. This position writes security based standard operating procedures.
• Able to participate effectively and provide input in system scanning and remediation efforts
• Able to act as a technical authority regarding system scanning and patching
• Able to analyze and evaluate system scan results and data from a security perspective
• Able to respond to and potentially resolve problems with software, hardware and systems management from a security perspective
A college degree in Computer System Security, Design and Engineering, Programming, Architecture or related discipline is required plus 8-10 years of experience in this field. This person must possess the Certified Information System Security Professional (CISSP) certification.
In addition, the candidate possessing a Certified Information Systems Auditor (CISA), a GIAC Systems and Network Auditor (GSNA), or an Electronic Commerce Council Certified Ethical Hacker (CEH) certification is preferred but not required.
ActioNet, Inc. - 24 months ago
copy to clipboard