Sev1Tech is looking for the right candidate to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety. The contract will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support. Work will be executed in the National Capital Region, in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.S and occasionally OCONUS.
We're looking for an Information Assurance Specialist (Mid-Level) to assist our customer in overseeing and supporting Information Security Control Assessments, Intrusion Defense Chain FISMA Metrics Tracking, and a Industry Cyber Hygiene Data Assessment Program.
The Information Assurance Specialist (Mid-Level) will oversee Information System Security Control Assessments, including:
- Developing and maintaining an overall Security Assessment Schedule.
- Developing testing artifacts for each system including as appropriate Rules of Engagement, a technical assessment plan, Security Requirements Traceability Matrix, Security Assessment Report, and other necessary documentation.
- Scheduling and performing technical assessments of systems and applications to determine the severity of security control weaknesses.
- Executing assessments through reviewing system security documentation, vulnerability scan results, audit logs, configuration guides, and any other additional material provided by the system and system stakeholders.
- Documenting results of assessments in the compliance tool utilizing a standard reporting format for recording assessment results and findings along with recommended mitigations.
- Updating and maintaining all testing templates and standard operating procedures.
- Collecting and storing all final materials and media.
The Information Assurance Specialist (Mid-Level) will oversee Intrusion Defense Chain FISMA Metrics Tracking, including:
- Testing the ability to properly classify malicious logic investigations using the Intrusion Defense Chain (IDC) Framework
- Creating example malicious logic and disseminate to all DHS Components
- Tracking and reporting compliance and accuracy in classifying malicious logic using the IDC Framework
- Creating and maintaining IDC Metrics for the annual Information Security Performance Plan
The candidate will ensure performance of the customer’s Industry Cyber Hygiene Data Assessment Program, including:
- Establishing, documenting, and continually refining CONOPS and standard operating procedures documentation for the Cyber Hygiene Assessment (CHA) Team
- Developing and maintaining a management schedule for all CHA data analysis and assessment activities
- Coordinating with CHA personnel to collect artifacts, define scope and establish governance functions for assessments and analysis of industry cyber hygiene data
- Establishing performance metrics and process improvement criteria stemming from the results of industry cyber hygiene assessments and analysis
- Evaluating results and provide recommendations in determination of industry cyber hygiene maturity
- Creating both draft and final deliverable reports stemming from industry assessments and analysis for Federal CHA program personnel consumption and review
- Developing, maintaining, and updating any additional program documentation on an ongoing basis
Minimum Qualifications
BA or BS degree, preferably in Information Security, Information Systems, Cybersecurity, Information Technology/Network Administration or related discipline, OR 4–8 years of direct experience may be substituted in lieu of degree
- At least 4 years experience in the federal IT services industry
- Knowledge and experience with the Risk Management Framework
- Knowledge of federal security standards, frameworks, and directives, including NIST, OMB, and DHS
- Experience managing small teams performing Information Assurance activities
- Thorough understanding of the Security Authorization and ATO requirements and processes
- Must possess one (1) or more of the following IAT Level II certifications: GSEC – GIAC Security Essentials; CompTIA Security+ CE; or SSCP – Systems Security Certified Practitioner
- Must possess one (1) or more of the following IAM Level II certifications: GSLC - GIAC Security Leadership Certification; CAP – Certified Authorization Professional; CISM – Certified Information Security Manager; CISSP or Associate – Certified Information Systems Security Professional; or CASP – CompTIA Advanced Security Professional.
- Excellent communication skills, including the ability to brief customer management and leadership
- A successful track record of providing excellent customer service
- Understanding of best practices for Intrusion Detection and assessing Intrusion Detection performance
- Knowledge of organizational cybersecurity hygiene best practices ad the ability to assist customers in establishing, promoting, evaluating, and improving them
- Ability to provide proof of U.S. Citizenship in order to obtain a DHS Public Trust
Desired Qualifications
About Sev1Tech LLC
Founded in 2010, Sev1Tech provides IT, engineering, and program management solutions delivery. Sev1Tech focuses on providing program and IT support services to critical missions across Federal and Commercial Clients. Our Mission is to Build better companies. Enable better government. Protect our nation. Build better humans across the country.
Join the Sev1Tech family where you can achieve great accomplishments while fostering a satisfying and rewarding career progression. Please apply directly through the website at: https://www.sev1tech.com/careers/current-openings/#/ #joinSev1tech
For any additional questions or to submit any referrals, please contact: eileen.mckenzie@sev1tech.com
Sev1Tech is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.