Manages extensive security evaluations of major information systems and networks and the remediation of security control weaknesses, prepares evaluation reports, and presents recommendations. Conducts trade off analyses of products for clients to determine optimal informant security solutions. Maintains a high level of familiarity with the major Federal Government Information Security policy guidance and directives. Works independently in an expert role at customer site or provides team leadership to a group of information security professionals.
Monitors security systems, and analyzes potential threats and vulnerabilities to client systems. Develops new computer and network security systems, including both hardware and software. Coordinates technical incident response and remediation activities for client environments. Provides security analysis and consultation services for product, system and network architecture designs. Analyzes network traffic and alerts to assess, prioritize and differentiate between potential intrusion attempts and false alarms. Provides consulting services on a wide variety of cyber security topics. Prepares remedial options and supervises correction of cyber security shortfalls. Launches and tracks investigations to resolution. Composes and sends alert notifications. Analyzes security findings and data. Publishes reports and keeps metrics for client systems. Identifies trends and root causes of system failures or vulnerabilities. Maintains vendor and trusted partner relationships. Develops tools for operational use and analyzes current threats to information security and systems. Ensures that the Cyber Security department's policies, procedures, and practices as well as other systems user groups are in compliance. Ensures that the physical environment of the computers and their terminals are properly secured. Issues user ID's and passwords to new users and monitors system access and use to identify any security violations. Performs off-site audits to check on 'Disaster Recovery' program effectiveness. Conducts user training to ensure systems security and improve main frame efficiency. Conducts structured walk-throughs to ensure integrity of system applications. Must have extensive experience with eMASS, RMF, and interpreting DoD policy and directives.
EDUCATION & EXPERIENCE:
Typically requires a bachelor's degree or equivalent and seven to nine years of related experience.
Current Secret clearance required.
- CISSP, CISM or equivalent
- ITIL V3 Foundation (within 90 days of start date)
- ITIL Intermediate
- 5 to 10 years eMASS experience
- 5 to 10 years DIACAP/RMF experience
- Experience in writing TTPs/SOPS
- Experience preparing and delivering briefings to management
- Experience in developing project schedules
Normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. Some travel may be required.