Reference Number: DSTMINFOSEC
Job Description: Information Assurance Specialist. We are seeking junior to mid-level information assurance professionals with a minimum of two (2) years of experience for junior level and four (4) years for mid level. Candidates need at least one (1) full year of experience performing NIST SP 800-30 / NIST SP 800-39 risk assessments and applying NIST SP 800-53 security controls. Additional experience with FISMA, FIPS, and OMB Circular A-130 is highly desirable. There are numerous positions for information assurance services for Federal Civilian, Military, Law Enforcement, and Intelligence Agencies. Specialists will verify compliance with established security procedures and standards, identify and document vulnerabilities, and make recommendations on mitigating actions in conformance with Agency, NIST, OMB, and other guidelines.
Education and Certifications: BA/BS college degree in Computer Science, Management Information Systems, Electrical Engineering, or a related field from an accredited institution, with a minimum of 2 years (junior) or 4 years (mid-level) of directly related experience. The ideal candidate would also be certified as a CISSP (Certified Information System Security Professional), CCSP (Certified Cisco Security Professional), GIAC (SANS - Global Information Assurance Certifications), or hold an equivalent / relevant security certification.
Security Clearance: An active DoD SECRET clearance is required with ability to obtain a TOP SECRET clearance.
Work Location: The work will be performed in the Washington, DC metropolitan area.
Certification and Accreditation (C&A), Information Assurance, Information Security
Experience Level: 2 Years
Requirements: Required Skills: Excellent analytical skills and strong organizational, written, and verbal communication skills are required. Must be capable of working independently as well as part of a larger group. Independent thinkers with in-depth, hands-on experience analyzing, implementing, and testing various security mechanisms for multiple platforms and operating systems are desired. Must have risk assessment experience as well as experience conducting security testing with off-the-shelf security testing and risk assessment tools such as ISS, COPS, CyberCop, ESM, NESSUS, RiskWatch, and Xacta.
Required Knowledge and Experience: Strong technical background with experience in several of the following areas: secure networks, firewalls, routers, databases (Oracle and SQL Server 2000), Microsoft Windows 2000/XP/2003, Solaris, and Linux operating systems. Knowledge of Joint, DOD, Agency (DIA, NSA, etc.) and Service (Air Force, Army, Navy, etc.) security policies, memorandums, guidance, directives, regulations, and manuals, and the ability to apply this information. Capable of writing the documentation necessary to comply with DOD 5200.40, DITSCAP; DCID 6/3; and OMB A-11 and A-130, GISRA, and the NIST SP series, including, but not limited to: System Security Authorization Agreements, Security Concept of Operations, Threat and Vulnerability Assessments, Security Test and Evaluations (ST&E), Plans of Action and Milestones (POA&M), Risk Assessments (qualitative and quantitative), Security Requirements (system, detailed, and derived), and C&A documentation. Must have experience in configuring systems/networks, validating and verifying integration of security into systems/networks, and ensuring configuration management incorporates security. The ability to work multiple project efforts and to interface with multiple contractors, Government staff, and US military personnel is critical. Excellent communication skills (verbal and written) required. Knowledge of Applications and Systems Development, Business Continuity Planning, Cryptography, and Operations Security is a plus.