The coordinated terrorist attacks on the morning of September 11, 2001 forever impacted the course of history and the American way of life. Those attacks resulted in the creation of the Transportation Security Administration (TSA), designed to prevent similar attacks from occurring in the future.
CSRA supports the TSA, the leading Counterterrorism Agency for the US Government, by managing its worldwide IT environment. Our day-to-day mission is to provide that support in such a way that TSA can protect every single one of those 695 million people equally well, thus protecting our transportation infrastructure and ensuring freedom of movement for people and commerce. The IT Infrastructure Program Bridge Contract provides comprehensive IT managed services towards the sustainment of some of the customer-s most critical IT systems and applications.
Currently, we are seeking an Information Systems Security Manager in Arlington, VA. The selected candidate must be able to obtain government security clearance, per contract requirements (Clearance Level: Secret / EOD).
This position designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Prepares security reports to regulatory agencies. Audits and manages access management.
So what is required of an Information Systems Security Manager on a day to day basis? There are quite a myriad of tasks and responsibilities, such as:
* Provide direct management oversight of the ITIP Information Assurance & Cyber Security Division (IA&CSD) Security Assessment and Authorization (SAA) team in support of TSA-s certification and accreditation processes and schedules. * Ability to directly interface with TSA management counterparts to provide status updates, address issues and provide support for escalation if needed. * Work closely with the TSA appointed System Owner (SO)-s and Information Systems Security Officer (ISSO)-s throughout the Security Authorization process. * Manage Plan of Action and Milestones (POA&M), Vulnerability Findings, Information Security Vulnerability Management (ISVM) and patch compliance lifecycle processes in accordance with contractual requirements. * Documentation review and input for assessment artifacts such as the Security Plan, Contingency Plan, Network Diagrams and Security Design Document. * Review TSA and/or CSRA provided evidence for completeness and accuracy. * Work closely with CSRA engineering teams in regards to the remediation of security vulnerabilities, POA&M-s and ISVM-s associated with TSA critical systems. * Assist the TSA ISSO with the generation of Waivers, Exceptions, POA&M closure packages, and Authorization packages for submission to the Authorizing Official or Information Assurance and Cyber Security Division. * Attend or coordinate Kick-off and Findings meetings in regards to Annual Assessments, Critical Control Reviews, Technical Vulnerability Assessments and other Inspector General or TSA directed Audits. * Makes recommendations for preventive measures as necessary. * Assist with defining security requirements and subsequently review complex systems to determine if they have been designed and established to comply with established standards * Provide reports and metrics to CSRA management and/or TSA as needed. * Manage and respond to TSA data calls as needed. * Review and develop a plan for remediation of Independent Verifications and Validations (IV&V) Reports * Perform reviews of existing and future technologies and standards, and advise the Senior Management of the implications that such technologies and standard may have on Customer IT security. Drafting multiple slides for multiple customer reviews * Track various O&M activities and projects to ensure a timely delivered result, and improve efficiency. * Serve as a liaison between multiple internal and customer divisions * Formulate operational procedures for inter-divisional communications * Collaborate with Change, Problem, and Release Management for security impacts to the environment * Review new security solutions designs and specifications to validate they are ready for existing security operations environment. * Conduct technical policy and contract reviews as requested and advise the Senior Management accordingly. * Provide an accounting of hardware and support life-cycle to both Senior Management and the Customer of the existing IT infrastructure. This includes the following list of technologies: * Devices: Firewalls, NIDS, Proxy * Applications: Antivirus, Content Filtering, HIDS, Logging
* Review all RFCs, MDR voting member, provide MDR report to IAD, and attend SCCB meetings * Oversee the of Review design, installation, management and implementation of requested changes to the following components of the IT security infrastructure in accordance with Customer policy, DHS Enterprise Architecture guideline, and other Federal guidelines such as NIST: * Firewalls * Host Intrusion Detection/Prevention Systems * Network Intrusion Detection/Prevention System * VPN Concentrators * Web Content Filtering * Malware (Anti-virus/Anti-spyware) * Anti-Spam
* Remain current with trends in security technologies, processes, and methods that can improve the Customer IT infrastructure security posture, the efficiency and effectiveness of security operations, and the quality of security services provided and, shall advise Customer accordingly. * Provide recommendations to Senior Management. * Other duties as assigned.
Is this job the next step in your career? Are you ready to take the leap and help ensure American-s and their goods are free to move about the country?
To qualify, you must meet these basic qualifications:
* DoD SECRET Clearance * Must be able to obtain the TSA Entry on Duty (EOD) suitability status. * Bachelor's degree or equivalent combination of education and experience * Bachelor's degree in computer science or related field preferred * 8+ years of experience in network, host, data and/or application security in multiple operating system environments * 5+ years managing teams of 10+ employees * Experience with security tools and architecture to include advising on security related changes to them. * Experience working with internet, web, application and network security techniques * Experience working with relevant operating system security (Windows, Solaris, Linux, etc.) * Broad range of knowledge and experience with Security and System Architecture * Understanding of, and experience applying industry security policies, regulations and guidelines such as NIST, FISMA, SANs top 20 controls, etc * Knowledge of the ITIL structure * Experience with MS Windows OS and familiarity with and Unix (Solaris/RHEL). * Knowledge of change control and change management process, project management, Enterprise Architecture frameworks, SDLC, Security Policy. * Knowledge of ports, protocols, and the OSI Model * Experience conducting analysis and providing recommendations on new or existing security capabilities. * Experience with the Federal government * Good communication and presentation skills at all organization levels. * SEC+ or CISSP Certification
It would be great if you also had:
* ITILv3 certification
Other qualifications include:
* Excellent communication skills. * Strong analytical and problem solving skills to troubleshoot and resolve network/operating system security issues * Ability to perform and interpret vulnerability assessments * Ability to administer the operations of a security infrastructure * Ability to balance and prioritize work * Self-starter
# of Openings:
Scheduled Weekly Hours:
Telecommuting Not Allowed
USA VA Arlington - 1200 S Hayes St (VAS033)
Additional Work Locations:
CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.