$80K - $100K(Ladders Estimates)
Provides technical and programmatic Information Assurance Services to internal and external customers in support of network and information security systems. Designs, develops and implements security requirements within an organization's business processes. Prepares documentation from information obtained from customer using accepted guidelines such as RMF (Risk Management Framework). Prepares test plans. Provides assessment and authorization (A&A) support in the development of security and contingency plans and conducts complex risk and vulnerability assessments. Analyzes policies and procedures against Federal laws and regulations and provides recommendations for closing gaps. Develops and completes system security plans and contingency plans. Recommends system enhancements to improve security deficiencies. Develops, tests and integrates computer and network security tools. Secures system configurations and installs security tools, scans systems in order to determine compliancy and report results and evaluates products and various aspects of system administration. Conducts security program audits and develops solutions to lessen identified risks. Develops strategies to comply with privacy, risk management, and e-authentication requirements. Provides information assurance support for the development and implementation of security architectures to meet new and evolving security requirements. Evaluates, develops and enhances security requirements, policy and tools. Provides assistance in computer incident investigations. Performs vulnerability assessments including development of risk mitigation strategies.
This position is responsible for utilizing ForeScouts CounterACT to track and remediate vulnerabilities across a large enterprise. This includes but is not limited to monitoring government sites for vulnerability announcements, notifying other teams of vulnerabilities, working with engineering teams for solutions, working with various operations teams to implement solutions, and reporting progress.
This individual tracks and reports on remediation efforts from start to finish. Additional requirements are the ability to analyze and report on ACAS findings, an understanding of the Security Technical Implementation Guides (STIGs), and a thorough understanding of Information Assurance Vulnerability Alerts (IAVAs) and Common Vulnerability and Exposures (CVE). A good understanding of cyber threats and possible mitigation strategies. This position may also require the creation and maintenance of simple databases and spread sheets and a working knowledge of Power Sheel scripting.
Requires 2 to 5 years with BS/BA or 0 to 2 years with MS/MA/MBA or 8 to 10 years with no degree.
CISSP or Security+ Certification
Valid Through: 2019-10-18