Sev1Tech is looking for the right candidate to play a role on a very large program involving network, cybersecurity, and cloud operations and engineering support services to a government customer with a significant mission for security and public safety. The contract will encompass a wide range of tasks across Program Management; Monitoring, Analysis and Incident Response; Tier 3 Engineering and O&M; and Field Engineering technical support. Work will be executed in the National Capital Region, in Stennis, Mississippi; Chandler, Arizona; and other locations in the U.S and occasionally OCONUS.
We're looking for an Information Assurance Specialist (Mid-Level) to assist our customer in overseeing and supporting Information Security Control Assessments, Intrusion Defense Chain FISMA Metrics Tracking, and a Industry Cyber Hygiene Data Assessment Program.
The Information Assurance Specialist (Mid-Level) will oversee Information System Security Control Assessments, including:
- Developing and maintaining an overall Security Assessment Schedule.
- Developing testing artifacts for each system including as appropriate Rules of Engagement, a technical assessment plan, Security Requirements Traceability Matrix, Security Assessment Report, and other necessary documentation.
- Scheduling and performing technical assessments of systems and applications to determine the severity of security control weaknesses.
- Executing assessments through reviewing system security documentation, vulnerability scan results, audit logs, configuration guides, and any other additional material provided by the system and system stakeholders.
- Documenting results of assessments in the compliance tool utilizing a standard reporting format for recording assessment results and findings along with recommended mitigations.
- Updating and maintaining all testing templates and standard operating procedures.
- Collecting and storing all final materials and media.
The Information Assurance Specialist (Mid-Level) will oversee Intrusion Defense Chain FISMA Metrics Tracking, including:
- Testing the ability to properly classify malicious logic investigations using the Intrusion Defense Chain (IDC) Framework
- Creating example malicious logic and disseminate to all DHS Components
- Tracking and reporting compliance and accuracy in classifying malicious logic using the IDC Framework
- Creating and maintaining IDC Metrics for the annual Information Security Performance Plan
The candidate will ensure performance of the customer’s Industry Cyber Hygiene Data Assessment Program, including:
- Establishing, documenting, and continually refining CONOPS and standard operating procedures documentation for the Cyber Hygiene Assessment (CHA) Team
- Developing and maintaining a management schedule for all CHA data analysis and assessment activities
- Coordinating with CHA personnel to collect artifacts, define scope and establish governance functions for assessments and analysis of industry cyber hygiene data
- Establishing performance metrics and process improvement criteria stemming from the results of industry cyber hygiene assessments and analysis
- Evaluating results and provide recommendations in determination of industry cyber hygiene maturity
- Creating both draft and final deliverable reports stemming from industry assessments and analysis for Federal CHA program personnel consumption and review
- Developing, maintaining, and updating any additional program documentation on an ongoing basis