SME Security Risk Management - By Light Professional IT Services - Washington, DC

Overview Looking for a rewarding and challenging career with a dynamic, growing organization? Phacil is your answer. We have an immediate need for an Information Security / Operations SME to support an important government customer in Arlington, VA Responsibilities This is a hands-on assessment and analysis position requiring intermediate and operational knowledge of Windows Server 2008; Red Hat Linux; VMWare; SQL Server; and other administrative aspects of workstation and enterprise server, security, and communications technology. The SME will support the ISSO in evaluating the security posture and assessment of globally-deployed departmental systems through hands-on execution of customer-supplied tools and best-practice techniques, including manual verification scan and CSR reviews against defined component baselines. Determine the security and configuration status and ISSO level understanding of a variety of system components at multiple levels from network to applications, establish risk management oversight from initiation to retirement, including Linux and Windows operating systems; SQL Server and Oracle databases; system support components; VMWare implementations. There are occasional “one-off” components requiring development of baseline security configurations, hence technical curiosity and a desire to learn and innovate are beneficial. Support the customer through systems/network monitoring via iPost and other department approved and sanctioned tools under the continuous monitoring task and the Heads-Up certification phase of the customer’s Assessment and Accreditation (A&A) process, and incident monitoring of devices within the customer’s environment to ensure current policies are upheld. Work shall also include: Additionally, the SME will provide valuable agnostic insight when asked by the ISSO in responding to OIG, external Department and agency requests, developing position papers and whitepapers. Providing guidance and strategies so that the customer functions in accordance with Federal Information Security Management Act (FISMA) and information assurance requirements, as well as agency and other organizational policies, guidelines and procedures. Monitoring the customer's information technology architecture to ensure an adequate information system security infrastructure is in place to meet day-to-day security requirements. Ensure that information systems are operated within an acceptable level of risk and are audited properly. Ensuring that all information systems security related incidents and violations are immediately reported, data is collected, investigation is coordinated, and corrective measures are implemented. Provide monitoring and analysis of potential security risks at customer sites (both government and contractor) through the effective monitoring and analysis of security threats, recommending corrective actions through impact assessments and on-going support. Provide on-going security support in the areas of software and administrative support to the customer, including providing detailed security briefings on a regular basis. Assist the systems security office in the effective analysis, operation, maintenance, documentation, training and ongoing support of security systems. Write and update various SOP's and scripts as needed to affect proper security procedures are current in an ever changing environment. Responding, in general, to system identified deficiencies and defects and provide security program remediation reports, procedures and maintenance plans to various customer’s development and operations groups, as necessary for timely remediation of those findings. Providing support to system administrators to ensure systems are reporting properly and through the monitoring of all systems on the network and by reviewing and providing analysis of security logs, systems logs and ensuring all security compliance is maintained. Required Experience/Qualifications Required Skills (e.g. Knowledge of IT governance and operations):
Linux and Windows Server environment familiarityNetwork, Firewall, Appliance configurationsAbility to develop custom scripts (bash and Windows Powershell or equivalent)Working knowledge of Database and associated Schema constructsWorking knowledge of various assessment and monitoring tools including Tenable Nessus, HP Webinspect, AppDetective, nmap, XACTA, Nexpose, DBSAT, Splunk and related Hands on configuration and implementation experience specifically with Tenable Nessus is preferredNOC, SOC, operations, data center or similar experienceNIST and Risk Management Framework (RMF) familiarity Preferred Experience/Qualifications Preferred Skills:
Prior Department of State experienceNIST security principles and experienceCOTS Application Development and/or DeploymentsEnterprise application development and systems engineering experienceNOC, SOC, operations, data center or similar experience Special Requirements/Security Clearance Top Secret due to elevated privilege requirements.
Physical Demands None

Apply for this job  or Save to My Jobs

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.