Currently, we are seeking an Information Systems Security Advisor Sr in Arlington, VA. The selected candidate must be able to obtain government security clearance, per contract requirements (Clearance Level: Secret / EOD).
This position designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Prepares security reports to regulatory agencies. Audits and manages access management.
So what is required of an Information Systems Security Analyst Sr on a day-to-day basis? There is a myriad of tasks and responsibilities, such as:
- Review and develop a plan for remediation of Independent Verifications and Validations (IV&V) Reports
- Perform reviews of existing and future technologies and standards, and advise the Senior Management of the implications that such technologies and standards may have on Customer IT security. Draft multiple slides for multiple customer reviews
- Track various O&M activities and projects to ensure a timely delivered result, and improve efficiency.
- Serve as a liaison between multiple internal and customer divisions
- Formulate operational procedures for inter-divisional communications
- Collaborate with Change, Problem, and Release Management for security impacts to the environment
- Review new security solution designs and specifications to validate they are ready for the existing security operations environment.
- Conduct technical policy and contract reviews as requested and advise the Senior Management accordingly.
- Provide an accounting of hardware and support life-cycle to both Senior Management and the Customer of the existing IT infrastructure. This includes the following list of technologies:
o Devices: Firewalls, NIDS, Proxy
o Applications: Antivirus, Content Filtering, HIDS, Logging
- Review all RFCs, serve as MDR voting member, provide MDR report to IAD, and attend SCCB meetings
- Oversee the review of design, installation, management and implementation of requested changes to the following components of the IT security infrastructure in accordance with Customer policy, DHS Enterprise Architecture guideline, and other Federal guidelines such as NIST:
o Firewalls
o Host Intrusion Detection/Prevention Systems
o Network Intrusion Detection/Prevention System
o VPN Concentrators
o Web Content Filtering
o Malware (Anti-virus/Anti-spyware)
- Remain current with trends in security technologies, processes, and methods that can improve the Customer IT infrastructure security posture, the efficiency and effectiveness of security operations, and the quality of security services provided, and shall advise Customer accordingly.
- Provide recommendations to Senior Management. Present recommendations to CISO as needed.
- Identify applications and operating systems machine data and logs for SIEM analysis.
- Other duties as assigned.
As the largest pure-play IT services provider serving the U.S. government sector, CSRA is where you can come to be successful. Join a collaborative team, solving customer issues and accessing an array of resources for your success. Take advantage of tremendous opportunities as you help us chart our path to industry leadership, and tap into our collective 90+ year heritage. With combined FY15 revenues of approximately $5.5 billion and nearly 19,000 employees, CSRA represents the coming together - figuratively and literally - of two outstanding companies: the North American Public Sector business of CSC and SRA. Join us and watch your career take flight. Is this role not perfect for you, but you're still interested in learning more about what CSRA has to offer? We have other opportunities available as well! Visit this link to join our Talent Community today: https://csc.recsolucampus.com/candidatepreferenceform.php?formId=Zw==
The coordinated terrorist attacks on the morning of September 11, 2001 forever impacted the course of history and the American way of life. Those attacks resulted in the creation of the Transportation Security Administration (TSA), designed to prevent similar attacks from occurring in the future.
CSRA supports the TSA, the leading Counterterrorism Agency for the US Government, by managing its worldwide IT environment. Our day-to-day mission is to provide that support in such a way that TSA can protect every single one of those 695 million people equally well, thus protecting our transportation infrastructure and ensuring freedom of movement for people and commerce. The IT Infrastructure Program Bridge Contract provides comprehensive IT managed services towards the sustainment of some of the customer's most critical IT systems and applications.
BS or equivalent + 5 yrs related experience, or MS + 3 yrs related experience
To qualify, you must meet these basic qualifications:
- DoD SECRET Clearance
- Bachelor's degree or equivalent combination of education and experience
- Bachelor's degree in computer science or related field preferred
- 5+ years of experience in network, host, data and/or application security in multiple operating system environments
- Experience with security tools and architecture to include advising on security related changes to them.
- Experience working with internet, web, application and network security techniques
- Experience working with relevant operating system security (Windows, Solaris, Linux, etc.)
- Broad range of knowledge and experience with Security and System Architecture
- Understanding of, and experience applying, industry security policies, regulations and guidelines such as NIST, FISMA, SANS Top 20 controls, etc.
- Knowledge of the ITIL structure, certification preferred.
- Experience with MS Windows OS and familiarity with Unix (Solaris/RHEL).
- Experience with multi-tiered system applications (databases, web servers, middleware, application servers, network devices, and ETL processes)
- Operational and Engineering (tier 2 & 3) experience designing, implementing and maintaining security capabilities.
- Knowledge of change control and change management process, project management, Enterprise Architecture frameworks, SDLC, Security Policy.
- Knowledge of ports, protocols, and the OSI Model
- Knowledge of key security capabilities such as e-forensics, logging/SIEM, risk management, PKI, vulnerability management, C&A, continuous monitoring, disaster recovery, network and endpoint security.
- Experience conducting analysis and providing recommendations on new or existing security capabilities.
- Experience with the Federal government
- Good communication and presentation skills at all organization levels.
- SEC+ or CISSP Certification
It would be great if you also had:
- ITILv3 certification
Other qualifications include:
- Excellent communication skills.
- Strong analytical and problem solving skills to troubleshoot and resolve network/operating system security issues
- Ability to perform and interpret vulnerability assessments
- Ability to administer the operations of a security infrastructure
- Ability to balance and prioritize work
Telecommuting Not Allowed
USA VA Arlington - 1200 S Hayes St (VAS033)
CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.