CY - Cyber Security SME
The focus of this job is to provide Cyber Security and Information Security technical direction and oversight to a number of highly visible projects that will transform many aspects of the Sponsor’s operations and service delivery model for Hybrid Cloud Enterprise Services.
The qualified candidate will perform security compliance tasks required to establish and maintain appropriate levels of documentation required to support overall systems security compliance, certification and accreditation, operations and maintenance, system access controls, systems monitoring, systems design documentation and the Plan of Action and Milestones (POAM). He/She will ensure all program activities maintain system baselines and configuration management items, including security event monitoring policies in a manner determined and agreed to by the systems Sponsors management. The candidate will play an active role in monitoring a system and its environment of operation, to include developing and updating the SSP, managing and controlling changes to the system, and assessing the security impact of those changes. He/She will ensure that all system changes and modifications are performed in accordance with the systems sponsors’ approval process. He/She will perform security analysis, engineering, design, install, and implement security solution.
The qualified candidate will be in a professional team-oriented environment, work as a self-starter who will use technical communications skills and work with Sponsor requirements and Enterprise-class solutions. The candidate will use technical and leadership skills and experience working at all levels of Sponsor and industry organizations to forge effective partnerships and collaborative solutions. The candidate will work effectively with Architects, Engineers, Developers, Security, Project Managers, and Senior Managers. The candidate will have broad knowledge of the environment and be able to proactively work with a diverse set of stakeholders. The candidate will, on occasion, represent the Sponsor in both technical and management meetings and must be able to act independently while ensuring that management is kept well informed to support decisions.
• Demonstrated on-the-job systems engineering experience with Information Security Engineering (ISE)to include experience providing support within an Enterprise environment and large distributed environment.
• Demonstrated on-the-job experience working with cloud service offerings.
• Demonstrated on-the-job experience with system baselines and configuration management items, including security event monitoring policies.
• Demonstrated on-the-job experience with security engineering, designing, implementation, and O&M with Cyber Security Tools.
• Demonstrated on-the-job experience with security guidelines and policies related to systems hardening and patch compliance.
• Demonstrated on-the-job experience reviewing engineering designs that involve security perimeters and user access models (i.e. RBAC).
• Demonstrated on-the-job experience working with Vulnerability Scanning Tools, such as Tenable Nessus and providing remediation guidance based on the reported findings.
• Demonstrated on-the-job security design experience involving multiple operating system platforms (i.e. MS Windows 2012, Red Hat Enterprise Linux, CentOS, etc.)
• Demonstrated on-the-job security design experience involving various storage technologies (i.e. SAN, NAS) and protocols (i.e. NFS, CIFS).
• SCRUM Certified or formal completion of Agile Training.
• ITIL Certified.
• Demonstrated on-the-job experience with core communication protocols, such as DNS, NTP, DHCP, UDP, HTTP/HTTPS.
• Demonstrated on-the-job experience with industry best practices with infrastructure engineering and security designs in order to provide guidance to the engineers.
• Demonstrated on-the-job experience writing technical documents addressing complex, sensitive issues with emphasis on information assurance requirements, preparing responses to inspection findings and development of a Plan of Action and Milestones (POAM).