Today
Secret
IT - Security
Tysons Corner, VA (On-Site/Office)
****Position Requires 8+ Years Experience****
Hybrid - 4 days Onsite @ Falls Church, VA
Active Secret Clearance
Must Pass Background and Credit Check
Responsibilities:
- Policy and Standards: Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies.
- Team Leadership: Manage a large, geographically dispersed, multifaceted team comprised of various cybersecurity engineers; team roles include information assurance, security infrastructure engineers, and Security Operations Center (SOC) analysts.
- Incident Management: Direct and coordinate actions for incident response, data collection, digital forensics, cleanup, and reporting.
- Threat Intelligence: Assess threat reports and threat intelligence to inform operational and policy decisions.
- Project Management: Prioritize and manage projects in a fast-paced environment, ensuring projects are completed on time and on schedule.
- Compliance Review: Read and interpret security hardening guides (e.g., STIGs, SRGs), SCAP results, and vulnerability assessment scan results and provide direction as necessary for audit, accreditation, project, and consulting activities.
- Vulnerability Management: Review vulnerability scans and approve associated mitigation strategies. Document strategies in Plans of Action and Milestones (POA&M) artifacts.
- Information System Security Officer (ISSO) Duties: Perform all required duties as the primary Information System Security Officer for a large-scale, joint-force enterprise network.
- Accreditation Management: Conduct and manage security authorization and accreditation activities under a Risk Management Framework (RMF) for multiple accreditation boundaries.
- Guidance and Leadership: Provide guidance and leadership to other team ISSOs and security professionals.
- Security Control Review: Lead authorization efforts and compliance reviews. Complete, test, and review RMF security controls as part of multiple security authorization packages (e.g., eMASS equivalents).
- Documentation: Develop artifacts to provide evidence, support, or policy guidance for compliance with each control as necessary.
- SOC Oversight: Conduct management and oversight of the enterprise SOC team and Incident Responders. Coordinate response efforts, incident management, and triage. Provide oversight of SOC activities, technologies, and strategic direction.
- Investigations: Coordinate with division leads and directors for investigations, insider threat, and security research.
- Strategic Analysis: Conduct analysis and provide recommendations on policy, design, and solutions for increasing the security of the enterprise.
- Experience:
  - 3+ years in Information Assurance/Cybersecurity.
  - 3+ years in security engineering, operations management, and IT management.
  - 3+ years managing a team of 3 or more direct reports in an enterprise IT environment.
  - 8+ years IT experience with a Master's degree, 10+ years with a Bachelor's, or 14+ years with a High School Diploma.
- Certification: Active Certified Information Systems Security Professional (CISSP) certification.
- Skills: Excellent interpersonal, interviewing, analytical, and problem-solving skills to address variable situations.
- Knowledge: General knowledge of federal/government industry security requirements, standards, and best practices.
- Communication: Strong written and verbal communication skills; ability to document processes and write comprehensive security recommendations.
- Professionalism: Professional attitude, able to communicate and interact with individuals at all levels across various information technology and business sectors.
- Organization: Strong organizational, project management, and customer service skills. Ability to act in the best interest of the client both within a team and self-directed.
- Government Environment: 3+ years of experience in a government/military IT environment; experience reading and interpreting operational and tasking directives (e.g., TASKORD and OPORD equivalents).
- Security Compliance Experience: 3+ years of experience in a security officer position working with vulnerability scanning tools; patch management and compliance; security authorization tools (e.g., eMASS equivalent); performing authorization (A&A), Validator, or Security Control Assessor (SCA) responsibilities; developing POA&Ms and documentation; vulnerability mitigation.
- SOC/Monitoring Experience: 3+ years of experience working in a Security Operations Center (SOC) environment; conducting in-depth continuous monitoring; tuning of security devices and management of alerts; administration of Host-Based Security System (HBSS) tools; network defense and security event triage.
- Enclave Experience: ISSO/ISSM experience on a network security enclave.