Responsible for leading and supporting several components of overall Information Technology security and IT security project management.
1 IT Security Monitoring: Uses expertise to implement and optimize enterprise security monitoring, event correlation, patch status, compliance and alerting solutions. Performs regular audits of all networked devices (including desktop computers, laptops, servers, and handheld devices) utilizing vulnerability scanners and similar tools. Scans for unauthorized networks (including wireless) and prevents systems from bridging networks. Performs regular vulnerability scans to assess system patch status.
2 IT Risk Assessment. Leads IT risk assessment activities. Uses expert knowledge and industry sources to assess current threat levels and current security posture. Actively researches and implements mitigation procedures to reduce security risks. Recommends and leads IT risk reduction projects and initiatives. Communicates risk assessment activities with senior management.
3 IT Security Compliance: Performs and manages certification and accreditation (C&A) and risk assessment activities. Acts as SME for government security and audit requirements and regulations. Leverages experience to provide technical guidance on security related system changes for operating systems and software. Generates compliance reports and disseminates information to pertinent staff for remediation. Creates, maintains, monitors, and reports on compliance of security policies, procedures and manuals. Recommends and establishes changes to security policies that affect the entire organization.
4 IT Security Architecture: Responsible for maintaining and utilizing information security architecture. Ensures existing security devices and software are optimally configured. Evaluates new security hardware and software. Performs security reviews of IT projects. Participates in overall IT architecture design and development. Designs, develops, and implements security technologies.
5 IT Security Training: Promotes and develops corporate-wide security awareness of computing environment and provides related end-user IT security training.
6 Incident Response: Participates in Computer Security Incident Response Team activities. Oversees investigation of computer security incidents. Respond to, analyze, and resolve IT security incidents. Creates and disseminate incident reports.
7 Project Management: Works under consultative direction towards predetermined long-range targets. Works with management, other team members, and end-users to determine project goals and directions; leads difficult and highly complex projects; prepares cost estimates and staff requirements for proposed projects to accomplish goals; monitors and reports on tasks throughout the project; guides and reviews other project work when necessary. Conducts lessons-learned session(s), and documents and report findings.
8 Performs other duties as assigned.
Corporate: - Alexandria, VA 22311 US (Primary)
1 Education: Bachelor's degree in Computer Science, Management Information Systems, Engineering, Computer Security, Information Assurance, or related field is required. Requires IAT Level III certification IAW DoD 8570.1-M (CISSP, SCNA, GISO, GSE, etc.) Advanced degree and additional DoD approved Information Security certification (GSLC, CISM, GSNA, etc.) is a plus.
2 Experience: Minimum of 10 years strong experience in IT security and related technology.
3 Skills: Proficient in administration of Security Information and Event Management, log management, IDS/IPS, Vulnerability Assessment (Retina, Retina CS, Nessus), forensics, and compliance solutions. Experience with firewall systems, VPNs, routers, switches, and proxy servers. Comfortable with various operating systems including Windows XP, Vista, 7, Sever 2003, Server 2008, Linux, and UNIX. Familiarity with standards such as FISMA, NIST, DIACAP, and HIPAA. Experience with HBSS, DISA STIGs, Gold Disk and SCAP tools. Expert knowledge of NISPOM Chapter 8 requirements and documentation.
4 Other: Ability to lift 30 lbs. (e.g. computer and AV equipment), walk (to end user stations) and bend (to install and connect equipment).
*Ability to obtain a Secret Security Clearance is required.
IT - Network/Operations/Security
CNA Corp. - 10 months ago