Information Security Career Opportunities

C & A Analyst - Washington DC

2009-09-15T15:25:00.001-04:00

Principal Duties and Responsibilities:

Develop, update, and maintain appropriate Certification & Accreditation packages based on NIST standards for general support systems and major applications
Recommend appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major application
Develop and maintain POA&M for all accepted risks upon completion of system C&A.
Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the system certification guidelines and procedures

Able to provide support and guidance through the POA&M remediation process, C&A progress, including compliance monitoring of C&A artifacts, annual self-assessments (NIST 800-53), vulnerability scans.
Awareness of current information security issues and the ability to interpret the requirements of relevant policies and standards set forth in NIST documentation, specifically, 800-37, 800-53, FIPS-199/200, and 800-30.
Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with information technology security.
Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develop, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.

General Skills:

Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network or other event affecting security.

Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords.

Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines; develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.

Performs complex product evaluations, recommends and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.

Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.

Provides complex technical oversight and enforcement of security directives, orders, standards, plans and procedures at server sites. Ensures system support personnel receive/maintain security awareness and training.

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

Other Skills/Qualifications (preferred/pluses):

Possess security certifications (CISSP, CISM, etc.)
Good communication skills

Strong analytical and problem solving skills to troubleshoot and resolve network/operating system security issues

Ability to perform and interpret vulnerability assessments

Ability to administer the operations of a security infrastructure

Ability to balance and prioritize work

Qualifications

Basic Qualifications

Bachelor's degree or equivalent combination of education and experience

Three or more years of experience in network, host, data and/or application security in multiple operating system environments

Demonstrate experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists

Demonstrated Experience working with internet, web, application and network security techniques and working with relevant operating system security (Windows, Solaris, Linux, etc.)

Proven experience working with leading firewall, network scanning and intrusion detection products and authentication technologies

Demonstrated experience working with federal regulations related to information security (FISMA, Computer security Act, etc.) and with NIST Special Publications and C & A process methodology

Security Engineers, Washington DC

2009-04-29T22:30:00.001-04:00

Requirements:

* 4 years of experience in LAN/WAN network
* 3 years of experience in network security in areas such as infosec, ids, etc.
* 3 years of experience in working with federal IT Security policies and procedures.
* Experience working as as network/security lead is desired.
* Excellent communication skills are required

The client will accept candidates with Secret clearances and upgrade them to Top
Secret. Please respond with you resume if you are interested in hearing more.

This is located in downtown DC and our client will interview very quickly.

Information Security Analyst

2008-11-11T11:45:00.001-05:00

POSITION DESCRIPTION:
Reports to the Information Technology Security Team Project Manager. The Information Security Analyst acts as a consultant, interfacing between the customer and IT security consulting team throughout the federal information system certification and accreditation life cycle. Responsible for NIST certification and accreditation as primary task area. Provides internal status reports, enforces quality control of project deliverables, and implements efficient processes and procedures for continuing improvement of services for the customer. The ideal candidate is very detail oriented with strong technical knowledge, superior writing skills, and excellent customer relationship management skills. He or she will be responsible for planning, developing, finalizing, and reviewing key deliverables in each stage of the certification and accreditation process. The Information Security Analyst will be actively engaged in identifying unique system characteristics; interviewing key organizational personnel (technical, administrative, and executive); working with consulting team to compose requisite documentation (security categorizations, risk assessments, contingency planning, etc.); and mapping complex technical requirements, functionality, and capabilities to prescribed security controls, policies, and practices. The analyst will coordinate and plan all certification and accreditation activities for existing systems and those still in development (SDLC); provide ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by NIST, OMB, FISMA, etc; work face-to-face with multiple stakeholders through interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition; conduct in-depth technical reviews of new and existing IT systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines; and analyze business models, workflows, and organizational dimensions as they relate to the design, implementation, and support of the information system.

REQUIRED EDUCATION:
Bachelor's degree in related field and 4+ years of related experience. Must have bachelor's degree or higher; no waivers accepted.

REQUIRED SKILLS:
Knowledge and hands-on experience with IT security architecture and design (firewalls, intrusion detection systems, virtual private networking, and virus protection technologies, LAN/WAN design, and general internetworking technologies), various operating systems and hardware, and basic programming and database training. Proficiency with advanced features of Microsoft Word 2003 and other Microsoft Office Suite 2003 applications including Outlook, PowerPoint, and Excel. Experience with Adobe Acrobat Professional. Excellent technical writing skills in the English language, excellent written and oral communication skills, desktop publication skills. Ability to work with minimal supervision, set priorities, and give attention to detail and quality, flexible, strong organizational and time management skills, ability to multi-task, ability to work individually and with a team, positive attitude, self-motivated, reliable, trustworthy, strong interpersonal skills, diplomacy, and ability to handle stress in professional manner. Professional business attire is required for client site work. The candidate must possess one or more of the following certifications: CISSP, CISA, CISM, GIAC, MCSE, CCNA, CCNP, GSSP, GPEN.

DESIRED SKILLS:
Knowledge of OMB A-130, FISMA, OMB Memos, Privacy Act of 1974, HIPAA, and Sarbanes-Oxley, and NIST Special Publications 800 series, and one or more of the following certifications: ITILv3, COBIT. Experience in the financial services market is beneficial but not required.

SECURITY CLEARANCE REQUIREMENTS:
U.S. citizen and High Public Trust clearance (6C).

WORK LOCATION:
Hyattsville, MD. Travel: 0-25%.

WORK HOURS:
Day shift, Monday though Friday, 40 hours/week.

Server Security Administrator , Washington DC

2008-09-24T18:04:00.001-04:00

At least 5 years of experience in the field of Information Security with proven involvement in operations requiring for stringent uptime service levels. Experience in the following areas:
- Network Management and Security paradigms.
- Intimacy with UNIX, Windows and Linux hardware and software configurations.
- Relevant experience in environments supporting databases (Oracle and Sybase), including intimacy with DB concepts and operations.
- Problem analysis, systems analysis and user support.
- Some exposure to Disaster/Recovery and system backup disciplines.
- Practical experience with security tools (compliance monitoring, Scan Tools, IDS/IPS Systems, firewalls, etc.) and some exposure or knowledge of related technologies (PKI, SSO, Smart Cards, etc.)
Team player with strong technical and user support skills. Demonstrated ability to work under pressure, in a demand driven environment; Initiative, resourcefulness, flexibility in dealing with issues. Ability to prioritize workload and balance conflicting demands.
Determined team-work orientation as well as a balanced responsiveness to client needs and requirements; strong practical experience.
Willingness to work nights, weekends, and holidays on occasion to help mitigate crisis situations.
Excellent oral and written communication skills. Able to present and explain technical information to diverse types of audience (management, users, vendor, and technical staff).

Specific Requirements:

Detailed knowledge and experience on network or host based firewall configuration and management.
Proven ability to coordinate and manage multiple concurrent tasks.
Academic/professional training to at least a Bachelor's Degree or its international equivalent, preferably in Computer Science, Management Information, or Electrical Engineering. Strong practical experience may substitute for lack of some academic credentials.
Experience in ensuring security compliance.
Able to review security vulnerabilities and assess the real impact within the Bank?s environment.
CISSP certified or willing to obtain certification.

ISSO, Arlington VA

2008-08-03T14:10:00.002-04:00

*Job Description*
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level. The ISSO is the principal point of contact for information assurance activities at the IT system level. The ISSO is responsible for ensuring that management; operational and technical controls for securing either National Security Systems or SBU level IT Systems are in place and are followed. This includes ensuring that appropriate steps are taken to implement information security requirements for IT systems throughout their life cycle, from the requirements definition phase through disposal. 1. Must develop and implement documentation outlining system operating environment, to include the overall mission, floor layout, hardware configuration, software, type of information processed, user organizations and security clearances, operating mode, interconnections to other systems/networks of users, their security personnel, and associated responsibilities; 2. Must understand software development lifecycle fundamentals and provide appropriate information security guidance to system owners of major applications and development environments 3. Must be familiar with development applications and development environments and understand risks and vulnerabilities as it relates to information security 4. Assist in the development of the overall system security document, the Information System Security Plan, which contains all necessary security procedures, instructions, operating plans, and guidance; 5. Participate in the development or revision of System-specific security safeguards and local operating procedures that are based on the above regulations; 6. Provide IT security consulting to system owners as to the other security documents, for example, security incident reports, equipment/software inventories, operating instructions, technical vulnerability reports, and contingency plans; and 7. Provide expertise in classified and unclassified ratings to customers. 8. Work closely with Certifiers to navigate the TSA Certification & Accreditation process and produce all appropriate accreditation documentation.
*Required Skills*
Requirements: Must possess 5 years of related security experience. Bachelor's Degree preferred. Must possess experience with FIPS 199 and NIST standards. It is preferred that this person be a current Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or possess a similar security professional certification. Strong relevant experience and education can substitute for these certifications. Strong communication, interpersonal and client-facing skills required.

C&A Consultant, Washington DC

2008-07-23T16:15:00.002-04:00

We have a short term opportunity and need a couple of candidates for some C&A work in the DC metro area.

Recertify and Reaccredit a portion of the Network for the client per FISMA requirements.

The IT Security Specialist shall have six years of experience in the Federal and NIST based certification and accreditation process in accordance with NIST 800-37.

Must have hands on experience with the following:

Writing system security plan in accordance with NIST 800-18 Rev. 1.

Developing Risk Assessment reports in accordance with NIST 800-30.

Contingency Plan development and testing.

Vulnerability scanners such as Nessus, WebInspect, AppDetective and/or ISS or Foundstone.

Writing ST&E and conducting security test and evaluations for major applications and general support systems (GSS).

Required certifications CISSP or CAP.

ArchSight Admin, Arlington VA

2008-07-22T06:41:00.002-04:00

ArchSight Admin to work from Leesburg, CS bachelors, 5 years experience with Archsight, or 10 years total experience, Secret clearance.

Single Sign-on/CIdM Senior Business Analyst, Washington , DC

2008-07-09T11:33:00.002-04:00

Description of Duties:

To support the requirements and project analysis of the Cyber Identity Management in the areas of capability, capacity, performance, use cases, and operations etc.

Activities include:

1) Collect business and technical requirements from all stakeholders and analyze requirements with architects and engineers to finalize the best approaches and solutions to implement an enterprise-wide Cyber Identity Management system including HSPD-12, PKI, Biometrics, and Single Sign-on services; 2) Ensure the solutions adhere to DHS Enterprise Architecture standards and other applicable DHS standards; 3) Help establish a framework to guide the design of the SSO/CIdM solutions and implementation approaches; 4) Ensure information assurance requirements, procedures, processes, techniques, and technologies are addressed and applied throughout the System Development Life Cycle, Systems Assurance process, IT architecture development process, Configuration Management, and IT operations processes and procedures; 5) Produce product-specific analysis and testing results documents and use cases; 6) Research, evaluate, acquire, implement, and integrate single sign-on security tools; 7) Understanding the nature of organizational systems and applications to determine the level of protection needed and the level of risk that can be tolerated; 8) Working with Program Offices and Other Components within ICE and DHS to ensure business requirements and processes are fully integrated into the CIdM design and implementation; 9) Conduct cost and ROI analysis to clearly demonstrate risks, benefits, and trade-offs to facilitate decision-making process; 10) Devise configuration management and maintain change control processes;

Qualifications:

1. Active DoD Secret clearance or above; preferably current DHS/ICE clearance

2. Over 10 years of experience in IT with at least 7 years specifically in the analyst role for project and/or business operations

3. Excellent understanding of project lifecycle management especially in the requirement collection, analysis, and maintenance areas

4. Excellent analytical skills with good understanding in project financial and return on investment analysis

5. Excellent writing, oral communication, and people skills

6. Excellent in mapping organization's missions, goals, and policies into strategies, plans, and tangible deliverables

7. Sensitive to organizational culture issues and is able to work through and out of the difference and produce results

8. Good understanding of the requirements of HSPD-12

9. General understanding of Cyber Identity Management based on Public Key Infrastructure (PKI) with its concept, lifecycle, applications, and operations

10. General understanding of the concept and technologies of Single Sign-on

11. Good understanding of federal Enterprise Architecture reference model

12. An independent thinker and self-motivated worker yet work well in a team-oriented environment

Clearances/Certifications necessary: US Citizen, Clearable for DHS Public Trust Clearance

Location: 1120 Vermont Avenue, Washington , DC 20005

Single Sign-on/CIdM Information Systems Security Officer, Washington , DC

2008-07-09T11:31:00.003-04:00

Description of Duties:

To develop, implement, and maintain a Certification and Accreditation (C&A) program to support Cyber Identity Management (CIdM) systems and services.

Activities include:

1) Managing and mitigating risks associated with CIdM information systems; 2) Providing guidance and technical direction in support of risk management, certification and accreditation (C&A), FISMA, and various oversight audits; 3) Facilitating interactions with the appropriate DAA, ISSO, and other relevant parties, the risk management activities for CIdM Systems; 4) Preparing acceptable C&A documentation: System Security Plans (SSP), Risk Assessments, Security Operating Procedures or Guides, Security Test and Evaluations (ST&E) Test Plans (Pre-Operational and Operational), ST&E Test Plan Results Reports, Contingency Plans (CP), CP Test Plans and Results, Inter-Agency Security Agreements (ISA) and Rules of Behavior; 5) Preparing and submit Security Evaluation Reports (SERs) for Certification Official review and approval and submission to the appropriate DAA for the accreditation decision; 6) Provide expert Information Assurance (IA) input throughout the Systems Lifecycle Management (SLM)

Qualifications:

Required:

1. Active DoD Secret clearance or above; preferably current DHS/ICE clearance

2. Over 10 years of experience in IT with at least 5 years specifically in the Information Security area

3. Excellent understanding of the requirements, methodologies, documentation, and coordination of completing FISMA compliance by following NIST publications

4. Excellent understanding of how to integrate information security requirements into the System Development Lifecycle (SDLC) preferably by following NIST 800-64

5. Excellent writing and oral communication skills

6. Good understanding of Cyber Identity Management based on Public Key Infrastructure (PKI) with its concept, lifecycle, applications, and operations

7. Good understanding of the requirements of HSPD-12

8. General understanding of the concept and technologies of Single Sign-on

9. An independent thinker and self-motivated worker yet work well in a team-oriented environment

Desired:

1. CISSP certification desirable but not required.

Clearances/Certifications necessary: US Citizen, Clearable for DHS Public Trust Clearance

Location: 1120 Vermont Avenue, Washington , DC 20005

Team Size: 25 Team members

Start Date: ASAP

Duration: 6 months to permanent

Sr. Security Risk Analyst (x2), Washington , DC

2008-07-09T11:29:00.003-04:00

JOB DESCRIPTION:

Scope: Responsible for verifying the integrity of compliance and oversight program duties, including risk management, certification and accreditation, vulnerability and threat analysis, FISMA compliance, and other security activities for a large scale Federal organization. Responsible for conducting evaluation and analysis of artifacts and conducting automated tests. Responsible for developing test scripts and implementing them for automated systems and general support systems. Ensures compliance with government and company security policies and procedures. Reviews and investigates non-compliance issues. Responsible for designing, developing or recommending integrated security system solutions that will ensure proprietary/confidential data and systems are protected. Coordinates the activities of a section or department with responsibility for results in terms of costs, methods used, and employees. Provides technical engineering services for the support of integrated security systems and solutions. Participates with the client in the strategic design process to translate security and business requirements into technical designs. Configures and validates secure systems and tests security products and systems to detect security weakness. Works on problems of diverse scope. May be responsible for the technical direction, leadership, and training of less experienced staff. Ensures project schedules and performance requirements are met. Contributes to the development of organization's goals and objectives. Regularly interacts with customer and/or functional per group managers. May interact with senior management. Interactions normally involve matters between functional areas, other company divisions or units, or customers and the company.

REQUIRED EDUCATION/SKILLS:

BS degree in Computer Science or related field plus 8+ years related work experience. Superior writing and analytical skills. Knowledge of Federal Government security management, operational, and technical requirements. U.S. Citizenship required and the ability to obtain and U.S. Public Trust Suitability and Top Secret Clearance.

DESIRED SKILLS:

Master's Degree, CISSP or equivalent certification.

Clearances/Certifications necessary: US Citizen, Clearable for DHS Public Trust Clearance

Location: 1120 Vermont Avenue, Washington , DC 20005

Start Date: ASAP

Sr. Security Policy Analyst

2008-07-09T11:28:00.002-04:00

POSITION OVERVIEW:

Provide guidance and technical direction in support of the development and promulgation of IT Security policy and guidance and ICE Supplemental Guidance for SBU and NSS systems. Perform extensive review of IT security policy and system compliance with security certification and accreditation (C) requirements and NIST 800-53A Controls established by the DHS Chief Information Security Officer and higher authority. Evaluate new and proposed IT Security policy changes and ensure discussion among interested parties. Participate in ICE, DHS and other government working groups as appropriate and communicate all policy concerns to OCIO and IAD. Develop and maintain an extensive list of ICE waivers and exceptions as appropriate.

REQUIRED EDUCATION:

Bachelors degree or 6 years experience in lieu of degree and 8+ years related work experience.

REQUIRED EXPERIENCE:

Must have superior writing skills and excellent MS Project and Excel skills. Outstanding verbal communication skills are required and experience interviewing mid to senior level federal employees regarding detailed aspects of major IT program elements. Experience briefing senior personnel on a wide range of IT security policy issues and technologies. Demonstrated motivation to learn new skills and improve on existing ones while supporting a highly visible program within a major federal agency. Familiarity with established IT security principles and government documents and programs such as the Federal Information Security Management Act (FISMA), DITSCAP, NIACAP, DIACAP, and NIST accreditation requirements and guidelines. U.S. Citizenship is a must and the ability to obtain a U.S. Public Trust Suitability.

DESIRED SKILLS:

Experience working on DHS or other government contracts; active secret clearance is a plus.

Clearances/Certifications necessary: US Citizen, Clearable for DHS Public Trust Clearance

Location: 1120 Vermont Avenue, Washington , DC 20005

Team Size: 25 Team members

Start Date: ASAP

IDS Engineer (DC Gov)

2008-05-30T18:01:00.004-04:00

JOB REQUIREMENTS

· Advanced Functional knowledge of network based and host based intrusion detection systems
· Advanced knowledge of NFR (Checkpoint), ISS Site Protector, Juniper, Snort and COTS Intrusion Detection Systems
· Knowledge of various protocols (HTTP, TCP/IP, UDP, FTP, ICMP, ARP, RIP, SMTP, BGP)
· Knowledge of tools and methods used by hacker/cracker community to comprise target systems
· Functional knowledge of best of breed Intrusion Detection and Prevention system technology
· Knowledge of Network Operations/ OSI model and TCP/IP stack
· Experience with Firewall technology/ Virtual Private Networking/ Routing and Switching
· Knowledge of UNIX/LINUX Operating System environment.

Minimum Requirement

- Bachelors degree in Computer Science or related field
- 5+ years of work experience in the IT Security industry.
- CCNP, CCIE, CEH, CISSP preferred.

Jr. Information Assurance Engineer

2008-05-14T18:28:00.001-04:00

This position is located at the Joint Interoperability Test Command in Indian Head, MD, approximately 30 minutes south of the Pentagon. Conducts Security Certification and Accreditation in accordance with DHS Certification and Accreditation Guidance. Duties may include the writing of Systems Security Plans, and the other C& A documentation for this large, complex system that is central to FEMA IPAWS. Conducts attack and penetration testing against internal and external targets, site surveys, interviews, reviews documentation, identifies current area of risk, and defines parameters of security testing effort. Facilitates input from customer and end users to identify functional and technical security and privacy requirements. Reports progress and issues to C&A team lead.

KNOWLEDGE DESIRED

Web Site security/Firewalls

UNIX/LINUX and NT Administration

LAN/WAN Technologies

Intrusion detection/monitoring tools

Additional areas of experience desired are:

Experience with DOD/DHS Certification Guidance (DOD 8500/DHS 4300)

Extensive knowledge of internet use and operations

ABILITIES

The candidate must be proficient in the use of a PC, Microsoft PowerPoint, Excel, Word, Visio, and Project Management.

Ability to review technical documentation to verify compliance with security requirements and security standards and guidelines

Ability to document and communicate the status of progress against plans, taking corrective action as necessary

Ability to identify, clarify, and resolve system development and maintenance activity issues and risks

Express ideas clearly and effectively both verbally and in writing; adjusts style of communication to suit different audiences

Ability to understand the business impact of security issues and communicate these to senior management

ADDITIONAL REQUIREMENTS

The candidate must be able to attend technically oriented meetings, derive requirements that are a result of such meetings, and develop comprehensive reports, with minimal supervision.

The candidate must be able to attend meetings in Washington, DC and surrounding areas and travel to any area of the CONUS for up to two weeks at any one time.

The candidate must present themselves in a professional manner, possess interpersonal people skills, oral and written communications skills and dress in accordance with professional standards.

NICE TO HAVE

Knowledge of DHS systems, infrastructure and organization. Previous experience of DHS C&A-related tools. (RMS and TAF).

Information Assurance Risk Assessment Professional

2008-04-17T11:49:00.001-04:00

The candidate will be responsible to lead technical risk assessment efforts working with application and infrastructure subject matter experts from cross-functional teams such as business, database administrators, Unix and Windows system administrators, network engineers and application engineers. Technical Risk assessment is a process for identifying and mitigating technical risks with Application Service Provider (Vendors), that the client plans to partner with.

Responsibilities:
Communication with business units, other stakeholders
Project management, co-ordination and documentation
Architecture analysis and identification of risks
Technical negotiations with external vendors
Documenting the risks, and help business stakeholders define contractual terms

Required skills:

At least 6 years experience in full life cycle of technology development, at least 3 years should be in lead role. Broad Knowledge of various technologies such as Application Servers, Databases, Unix and Networks, etc . Understanding of information security best practices and standards. Demonstrated ability to manage multiple projects. Excellent communications skills and ability to communicate effectively with technical and business teams.

Desired skills: PMP, CISSP certifications are considered a plus.

Information Assurance Policy / Procedure Writer/Analyst/Engineer

2008-04-17T11:47:00.001-04:00

Daily Responsibilities	* Able to create policy based on federal requirements. * Able to communicate with the customer to develop procedures to comply with existing policy, incorporating currently performed practices. * Able to augment existing procedures as necessary to meet new policies. * Able to review, edit, quality check work of team members * At least 3 years IA experience
Required: Years of experience (min)	4-5
Required: Degree	Bachelors
Required: Knowledge	Familiarization with FISMA, NIST, and OMB Information Assurance requirements. (Specifically NIST SP800-53)
Desired: Skills / Knowledge / Certifications	NIST SP800-53, HSPD-12, SmartCard implementation, Wireless LAN implementation.

Security Analyst

2008-03-20T15:36:00.000-04:00

We have a requirement for one security analyst starting in April 2008 through at least September 2008.. The individual must have a good understanding of the Information Security Body of Knowledge, with FISMA and NIST security standards, CObIT Controls Framework, Sarbanes-Oxley Technical Standards, and hands-on experience performing certification reviews based on NIST security control requirements (Special Publication 800-53) and Information Security audits based on SOX 404. The individuals will be assigned to work with existing security staff to assist with the evaluation of internal controls and will assist with the redesign of controls that need to be strengthened to satisfy SOX 404 certification requirements. Individual must have work experience with both FISMA and SOX.

Both CISSP and CISA certification are required.

Certification & Accreditation Professional/Information Security Leader - Washington DC

2008-03-20T08:32:00.001-04:00

Location: Washington/DC

Travel: New Mexico 30-50%( All covered)

Clearable

Develop and execute a Certification & Accreditation program within a major Government Agency. Must possess experience with NIST or DITSCAP standards. Requires 5 years of related security experience with a BS degree. If candidate does not possess a degree then he/she must possess 9 years of experience. It is preferred that this person be a current Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar security professional certification.

Principal Duties and Responsibilities:

**Develop, update, and maintain appropriate Certification & Accreditation packages based on NIST standards for general support systems and major applications
**Recommend appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major application
**Develop and maintain POA&M for all accepted risks upon completion of system C&A.
**Assist the government with developing a network of public and private sector organizations capable of providing cost effective, quality, system and network security assessment and certification based on unified federal guidelines and procedures
**Integrate with a team of skilled information technology security professionals demonstrating competence in the application of the system certification guidelines and procedures
Able to provide support and guidance to ISSO/SO's through the POA&M remediation process, Certification & Accreditation (C&A) progress, including compliance monitoring of C&A artifacts, annual self-assessments (NIST 800-53), vulnerability scans.
Able to assist with many other ISSO responsibilities including documentation, policy compliance, and CM review, as well as user training.
Working knowledge of the Trusted Agent FISMA Tool (TAFT) and the Risk Management System (RMS).
Awareness of current information security issues and the ability to interpret the requirements of relevant policies and standards set forth in NIST documentation, specifically, 800-37, 800-53, FIPS-199/200, and 800-30.
Working knowledge of Microsoft Office Suite (to include Excel, Word, and Powerpoint).
Ability to work effectively in a team management environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.
Assist in ongoing training efforts for TAFT, RMS, FISMA and related IT Security mandates which may include developing and presenting briefings given to an audience of other IT professionals.
Participates in the development and maintenance of reports which serve to monitor and track multiple FISMA related metrics.
Ability to communicate effectively orally and in writing to build and maintain customer satisfaction and express conclusions in a clear, technically sound manner on matters associated with information technology security.
Identifies security risks, threats and vulnerabilities of networks, systems, applications and new technology initiatives. Develops, tests and operates firewalls, intrusion detection systems, enterprise anti-virus systems and software deployment tools.

General Skills:

Provides complex engineering analysis and support for firewalls, routers, networks and operating systems. Performs and evaluates vulnerability scans within a multi-platform, large enterprise environment. Reacts to and initiates corrective action regarding security violations, attempts to gain unauthorized access, virus infections that may affect the network or other event affecting security.
Oversees user access process to ensure operational integrity of the system. Enforces the information security configuration and maintains system for issuing, protecting, changing and revoking passwords.
Develops technical and programmatic assessments, evaluates engineering and integration initiatives and provides technical support to assess security policies, standards and guidelines. Develops, implements, enforces and communicates security policies and/or plans for data, software applications, hardware and telecommunications.
Performs complex product evaluations, recommends and implements products/services for network security. Validates and tests complex security architecture and design solutions to produce detailed engineering specifications with recommended vendor technologies.
Reviews, recommends and oversees the installation, modification or replacement of hardware or software components and any configuration change(s) that affects security.
Provides complex technical oversight and enforcement of security directives, orders, standards, plans and procedures at server sites. Ensures system support personnel receive/maintain security awareness and training.
Assesses the impact on the business unit/customer caused by theft, destruction, alteration or denial of access to information and reports to senior management.
Provides leadership and work guidance to less experienced personnel.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.

Other Skills/Qualifications (preferred/pluses):

Possess security certifications (CISSP, CCNA, etc) and/or top secret security clearance
Good communication skills
Strong analytical and problem solving skills to troubleshoot and resolve network/operating system security issues
Ability to perform and interpret vulnerability assessments
Ability to administer the operations of a security infrastructure
Ability to balance and prioritize work

Qualifications

Basic Qualifications

Bachelor's degree or equivalent combination of education and experience
Seven or more years of experience in network, host, data and/or application security in multiple operating system environments
Demonstrate experience working with IP networking, networking protocols and understanding of security related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
Demonstrated Experience working with internet, web, application and network security techniques and working with relevant operating system security (Windows, Solaris, Linux, etc.)
Proven experience working with leading firewall, network scanning and intrusion detection products and authentication technologies
Demonstrated experience working with federal regulations related to information security (FISMA, Computer security Act, etc.) and with NIST Special Publications and C & A process methodology

IT Security Privacy Lead

2008-03-14T10:08:00.001-04:00

IT Security Privacy Lead

Skills

Senior IT professional with at least 7 years of IT experience with a concentration in IA and/or Privacy
Knowledge of the following Privacy-related areas:

General framework of federal statutes and regulations: laws, the United States Code, and the Code of Federal Regulations;
NIST security risk assessment framework;
Privacy provisions of the Privacy Act of 1974, Paperwork Reduction Act of 1995, and E-Government Act of 2002. Knowledge of OMB privacy policy memoranda and guidance issued since 2006; and
NIST impact-based categorization scheme for federal systems.

Two years of experience performing analyses of existing information systems and Information technology initiatives to prepare information collection requests, systems of records notices, and privacy impact assessments.
One year of experience preparing instructional materials (briefings, policies, and procedures) associated with federal privacy management for civilian agencies.
Strong communications skills; working knowledge of M/S Word and Excel; and ability to write and review Privacy-related documentation.
Bachelors Degree preferred. Otherwise related Associates degree and IT Security related professional certifications. .

Job Requirements

Serve as the OCIO Security Team expert in Privacy.
Assist in the solution of privacy-related issues and the update of the DOL Privacy Program.
Review DOL IT Security Privacy policies and procedures to ensure compliance with federal Privacy requirements, identify gaps, develop strategy and implement appropriate actions to close the gaps.
Review DOL IT Security Privacy training to ensure the content is appropriate and complies with federal Privacy training requirements, identify gaps, develop strategy and implement appropriate actions to close gaps.
Review DOL IT system privacy impact assessments (PIA) to ensure they are complete and comply with DOL and Privacy Act guidance.
Support the DOL SSN Reduction Task Force.
Support the DOL PII Working Group to address OMB privacy mandates.
Update DOL privacy-related policies and procedures.

Information Assurance Policy Officer

2008-03-11T16:37:00.001-04:00

Security Policy Officer will support the OCIO PMO by developing policies and procedures required to effectively and efficiently implement government security regulations to protect government sensitive but unclassified (SBU) information. The Policy will be responsible for the interpretation of government information security policies and auditing compliance of the protection of SBU.

Serve as the primary point of contact to a customer on issues related to the Federal Information Security Management Act (FISMA). This task requirement includes advising/consulting with Government personnel to produce all Federal Information Security Management Act (FISMA) reports, as well as to assist in the oversight of the development of an automated solution to expedite and standardize the reporting process.

SKILLS REQUIRED:

CISSP, CAP or CISM

Experience managing multiple tasks with competing priorities

Using MS Project and MS Office Suite

Education: BSc Information Systems Management

Years of Experience: minimum 5

Overseas Job Opportunity

2008-03-05T11:34:00.001-05:00

Intrudetect has immediate openings for candidates with:

Secret Clearance
An active passport
Experience working with Microsoft SharePoint and/or .NET, general experience level is junior to mid level
Experience working overseas is preferred (but not required)

We currently have two positions that need to be immediately filled with another 5 to 10 positions to be filled later in March/April.

Position profile:

Deployment: 9 months at military bases in the United States (primarily Shaw AFB), 3 months at USAF bases in the middle east as one of four teams (details in ppt)
Compensation bonuses up to 70% if deployed in overseas hostile areas (Iraq, Afghanistan) Compensation bonuses of 15%-45% for deployment in less hazardous areas (Kuwait, UAE, etc.)
Annual compensation ranges from $ 180,000 to $ 220,000
Overseas deployments are on military bases (not in country) and involve no combat activities (patrols, watch, etc.)
Lodging and accommodations along with a per diem is provided while deployed overseas.

Information Security Risk Analyst

2008-03-03T16:40:00.001-05:00

Information Security Risk Analyst
Washington,DC

Skill Set requirements;

§ Minimum 8 years experience in a mission-critical production environment required
§ Minimum 8 years experience with proprietary and sensitive data classifications required
§ Demonstrated knowledge and experience of the Bank Group's and Unit's systems and business processes, policies and procedures, as well as relevant software application systems, hardware configuration and Network Architecture to implement Information Security as a process.
§ Ability to conduct standards based (COBiT/SOX) risk assessment of financial applications and processes, design and implements controls, gather auditable evidence needed to meet compliance standards.
§ Ability to develop specific proactive procedures for detection of security breaches, identifying security risks in the software development process and code promotion procedures.
§ Demonstrated conceptual, analytical and innovative problem-solving and evaluative skills, an ability to conduct independent research and analysis in the event of a security breach, identifying issues, formulating options, proactively closing the security loop-holes, and making conclusions and recommendations.
§ Demonstrate good interpersonal skills; including the ability to work effectively in a team/task force as participant or team leader.
§ Capacity to work independently and willingness to seek advice/assistance.
§ Demonstrated knowledge and experience of working on advanced technologies specifically in the areas of Identity and Access Management, PKI, User Provisioning, Role Mining, Vulnerability Assessment and Penetration Testing tools for Oracle.
§ Analyzing security configurations for Microsoft Windows NT, Microsoft Windows 2000, and Cisco IOS, Oracle 9i/10g platform.

Certification & Accreditation Lead - DC Metro Area

2008-02-29T18:23:00.001-05:00

We are looking for a Certification & Accreditation (C&A) Lead.

This position is located in Crystal City and does require U.S Citizenship. If you are interested in learning more about this opportunity or know of anyone who may be, please feel free to forward this site.

Security Engineer, Bethesda MD

2008-02-13T16:16:00.001-05:00

Responsible for managing and maintaining IT security safeguards deployed across diverse network environments.
Also include the configuring, installing, tuning and auditing of multiple firewall policies and IDS/RNA systems to prevent, or detect network intrusions.
Create and maintain comprehensive and current documentation on security system architecture and configuration.

Investigate, validate and mitigate if necessary; security alerts that are generated from various sources.
Submit weekly status reports of all activities.
Working with various teams on designing, planning, and implementing future security enhancements, in efforts to continuously enhance the overall security of the network.

Required Skills

Must possess; strong written and oral communication skills, strong customer service qualities and the ability to work in a team environment
Must be task oriented and able to work with limited supervision
Demonstrated hands on experience with firewalls, IDS, and IPS systems
Must possess a solid understanding of the IT security concepts and methodologies, and be able to display solid networking knowledge

Required Experience

Knowledge of the principals of IT security Architecture and network design
Experience with patch management planning, implementation and
validation processes
Experience with IT security system analysis, tuning, configuration and auditing
Experience using security penetration testing tools, vulnerability scanners or network packet analyzers.
Experience with enterprise anti-virus system planning, implementation and validation processes
Knowledge of the security certification and accreditation process for federal information systems - a plus
Project management experience - a plus

Skills Candidate should possess:

At least (1) of the following - CISSP, CISM, CISA, CCNA or an MCSE Security.
ITIL foundations certification - a plus
Position located in Bethesda , MD

NETWORK SECURITY ENGINEER

2008-02-12T16:04:00.001-05:00

Job Title: Systems Mgmt Specialist Cisco
Location: MANASSAS, VA
Duration: 1 YEAR

Job Description:
Our client is looking for Systems Management Specialist Cisco Networks

(Nokia/Chkpt. PIX), LBs (F5 & Cisco), Rtrs & Switches (Cisco). A professional (working closely w/Customers) & work diligently within a highly structured change mgmt process environ. Working knowledge of Visio, ss (excel), SNA a plus. On site support at either the Manassas, Va loc. or possibly a Phily loc. - individuals willing to work at either loc. should be submitted. This position involves day-to-day OPs support, 24x7 rotating coverage, PD skills & project related work (some travel). Secondary skills requested The secondary/complementary skills below were also requested. Skill name Level requested Systems Management Specialist Manage System Change 2 Significant job experience Systems Management Specialist Perform Problem Management 2 Significant job experience Systems Management Specialist Manage Performance/Capacity 1 Knowledge/some job experience Systems Management Specialist Perform Availability Management 1 Knowledge/some job experience Systems Management Specialist Develop Systems Operating Procedures 1 Knowledge/some job experience Systems Management Specialist Use Systems Monitor Tools 2 Significant job experience Systems Management Specialist Perform System Performance Tuning 1 Knowledge/some job experience Systems Management Specialist Implement System Mgmt/Monitor Systems 1 Knowledge/some job experience Systems Management Specialist Implement Cisco 2 Significant job experience

Network Engineer

2008-02-08T13:01:00.001-05:00

Job Description:

Specific responsibilities of the Government Security Team include:

-Supporting the 7x24 Security Operations Center (SOC) with security incident handling. (SOC is in a different location.) A real-time log of observed security events is published and available in real-time throughout the federal government organization.

-Correlation and analysis of security inputs from multiple sources including but not limited to IDS/IPS consoles, firewall logs, real time packet traces, host logs, for profit intelligence services.

-Vulnerability management. Using multiple tools such as the ISS Enterprise Scanner, MetaSploit, Core-Impact, WebInspect and custom developed tools, perform an iterative technique of testing, notifying, escalating and retesting to manage a vulnerability detection and remediation program for the customer. The vulnerability management program includes custom remediation advice for System Administrators.

-Linux and Windows web service and server support, to include building servers and recommending to customers methods to secure web servers.

-Management hotspots detailing serious security incidents detected at the National Gateways.

-Change management of key security configuration items such as documentation, firewall policy and IDS/IPS signature sets.

-Patch management with audit trail support for infrastructure servers installed at that National Gateways.

-Publish weekly significant actions and monthly summaries of detected activity and responses.

-Implementation of an extensible secure knowledge base that details specific threats, security controls and procedures.

Required & Desired Skill Sets:

-This position is located in Washington, DC near Union Station (accessible by train, light rail & metro). Individual will work on-site with the customer on projects.

-US citizenship is required.

-There is NO Government security clearance requirement (candidate is subject to Sprint¿s background employment check)

-The work hours are: arrive between 7am and 9am and work 5 days a week OR work an AWS (Alternate Work Schedule)¿9 hours/day and have every other Friday or Monday off.

-The Senior Security Engineer candidate must have a minimum of four years in the network security field, within the focused security arena of intrusion detection.

-The Engineer must have hands-on working skills in the use and administration of security tools to include the 1) Internet Security Systems (ISS) RealSecure product line and/or the Cisco Intrusion Prevention System (IPS) product line, 2) the use of MetaSploit and 3) WebInspect.

-Experience in working with, supporting and troubleshooting Linux and Windows web servers and securing web services is desired.

-Five years of HANDS-ON WORK Experience in network security.

-Other Requirements. Scripting programming experience

-Education Requirements: No 4-year College Degree required

-Preferred: CISSP, GIAC or other security certifications.