Information Assurance Systems Specialist
Job description
Job Description
The Information Assurance Systems Specialist shall provide support to plan, coordinate, and implement the organization’s information security. Provides support for facilitating and helping agency identify their current security infrastructure and define future programs, design and implementation of security related to IT systems.
The Information Security Specialist also oversees the efforts of security staff to design, develop, engineer and implement solutions to security requirements. They would be responsible for the implementation and development of the DHS IT systems security. Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs.
Working knowledge of the following areas is required:
- ArcSight/ AWS
o Responsible for reviewing, documenting and researching ArcSight alerts.
o Monitoring effectiveness of alerts and recommend rule modification when required.
o Performing Impact analysis, investigations and conducting weekly status meetings with the government and ArcSight SMEs to report related statistics as required to quickly identify potential cyber-attacks, material weaknesses and vulnerabilities.
o Review, analyze and/or report on tasks relating to the following AWS services: Management Console, GuardDuty, EC2, VPC, CloudTrail, Secrets Manager, Systems Manager, etc.
- Vulnerability Management
o Ability to perform Tenable Nessus SC scans, parse/analyze/report results for vulnerability remediation.
o Familiar with the Continuous Diagnostics and Mitigation (CDM) Dashboard.
- Hardware/software security implementation, Different communication protocols, Encryption techniques/tools.
o Familiarity with commercial products, and current Internet/mobile technology.
- Change Request (CR) Security Reviews
o Assessing CRs from a technical security perspective in conjunction with review boards to ensure changes do not introduce new security concerns.
o Providing weekly/monthly updates to the tracking repository to maintain historical information, running totals and reporting results to the client.
- Risk Management
o Must demonstrate an understanding of business security practices and procedures and familiarity Identify and analyze potential threat activity
o Harden the configuration of devices and networks utilizing DOD Best Practices
o Identify and report unresolved security exposures with mainstream risks associated with commercial products and current Internet/EC technology.
- Documentation
o Developing and maintaining documentation for security systems and procedures
o Experience in developing System Security Plan, Contingency Plan, Incident Response Plan and Continuous Monitoring Plan
- Certification and Accreditation (C&A) - Security Authorization
o Ability to support C&A, continuous diagnostics and mitigation and related initiatives.
o Experience creating and resolving POA&Ms
o Familiar with Cyber Security Assessment & Management (CSAM)
Key Tasks and Responsibilities
- Complete assigned security tasks to successful completion
- Perform Security Information and Event Management (SIEM) monitoring and analysis
- Review, analyze and report AWS GuardDuty alerts
- Utilize cloud security services (e.g., Splunk, AWS, ArcSight, etc.) to perform monitoring, analysis and reporting
- Directs and controls activities for clients, methods, and staffing to ensure that technical requirements are met
- Developing deliverables associated with FISMA security package including but not limited to: System Security Plan, Contingency Plan, Incident Response Plan and Continuous Monitoring Plan
- Work to complete ATO packages complaint to NIST SP 800-37 and SP 800-53 guidelines
- Adhere to NIST Risk Management Framework to support analyzing development of supporting policies, procedure and plans
- Adhere to NIST Risk Management Framework for implementation of security controls and analyzing corrective action plans
- Work with the System Owners, ISSOs and other stakeholders to complete assessment report
- Track and update POA&M entries
- Analyze IT security events to distinguish events that qualify as security incidents as opposed to non-incidents
- Maintain working knowledge of network communications, routing protocols and common internet applications/standards
- Maintain information system inventories
- Ability to serve as Information System Security Officer
- Performs risk analyses which also includes risk assessment
Job Requirements:
Required Education & Experience
- Bachelor’s Degree or higher and/or 5+ years of related experience
The ideal candidate should be able to demonstrate working knowledge with several of the following concepts or technologies:
- Security Information and Event Management (SIEM) tools (e.g. ArcSight, Splunk, etc.)
- Amazon Web Services (AWS) including: Management Console, GuardDuty, EC2, VPC, CloudTrail, Secrets Manager, Systems Manager, etc.
- Vulnerability Management/Analysis/Reporting using Tenable Nessus SC
- Enterprise security strategy, cloud security and cloud computing terminology (e.g., AWS, etc.), Risk Assessments.
- Firewall Devices/Platforms (e.g., Palo Alto, Cisco ASP)
- Firewall Rule Reviews and Rule Analysis
- Cyber Security Assessment & Management (CSAM)
- OpenShift
Certification Requirements
- Relevant commercial certifications desired (Security+, CISSP)
Clearance Requirements
- Candidate must be a US Citizen, possess DHS Suitability background investigation or be eligible to qualify for DHS Entry of Duty background investigation followed by DHS Public Trust Clearance
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
- None
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at
314.952.5138 or URL blocked - click to apply.Job Snapshot
Employee Type
Full-TimeLocation
Falls Church, VAJob Type
Engineering, Government - FederalExperience
Not SpecifiedDate Posted
02/28/2023Job ID
3707/2628/16459gatheringourvoice.org is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, gatheringourvoice.org provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, gatheringourvoice.org is the ideal place to find your next job.