ASEC is currently looking for a Security Administrator who supports multiple programs. The Security Administrator is responsible for searching for vulnerabilities and risks in hardware and software. The candidate will manage and monitor any attacks and intrusions. They must be able to recognize the potential threat or attempted breach and close off the security vulnerability. The Security Administrator will also be responsible for the Information Systems Security Manager (ISSM) duties for multiple information systems. The ISSM will coordinate duties with the Systems Administrator and/or Information Technology (IT) staff to ensure all Risk Management Framework (RMF) requirements are implemented and functional. This position will also conduct technical and nontechnical reviews and audits.
The ideal candidate will have the ability to work with minimal supervision to provide information security support to ASEC and the US DoD and to apply their technical expertise to the implementation, monitoring and/or maintenance of company IT systems. Work will be on classified and unclassified networks.
- Recommend, support and maintain a security document management solution for a Security Assessment and Authorization program to include FIPS 199, System Security Plans, Security Assessment Plan, Security Assessment Report, Contingency Plan, Configuration Management Plan, Plan of Action and Milestones (POA&M) management, Risk Assessment and Waiver management documentation and other supporting documents as required for system accreditation's.
- Experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC), and knowledge of Information Assurance Vulnerability Alerts (IAVAs).
- Assess and recommend process improvements to ensure all operational and application system changes undergo a security impact assessment. Experience conducting analysis and providing recommendations on new or existing security capabilities.
- Apply and maintain DISA/NSA STIG configurations to Microsoft, Linux and other vendor software products.
- Schedule and administer system downtime for maintenance and upgrades.
- Develop unique, effective security strategies for software systems, networks, data centers, and hardware.
- Quality assurance of software and hardware for security vulnerabilities and risks.
- Perform vulnerability and risk assessments on systems, applications, and baselines in support of Risk Management Framework (RMF) for DoD IT Department of Defense Instruction (DoDI) 8510.01 of networks and systems.
- Identify applications and operating systems machine data and logs for SIEM analysis. Provides security validation of complex engineering analysis and support for firewalls, routers, networks, and operating systems.
- Develop training for IT staff covering the implementation of new policy or procedures, new security program initiatives, etc.
- Provide CM for security-relevant information system software, hardware, and firmware. Collaborate with Change, Problem, and Release Management for security impacts to the environment.
Skills and Qualifications:
- DoD 8570 Certification: IAM-II Certification (CompTIA Sec+, CAP, CASP+ CE, CISM, CISSP, GSLC or CCISO).
- Certified Ethical Hacker (CEH) Certification, desired.
- Trained and proficient in Assured File Transfer (AFT) processes and tools.
- Knowledge in Windows, UNIX, and Linux operating systems and knowledge of ports, protocols, and the OSI Model.
- Experience working with IP networking, networking protocols, and understanding of security related technologies including Encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists.
- Demonstrated knowledge and comprehension of the Risk Management Framework, JSIG, and NIST policies.
- Must be able to communicate complex technical issues in simple terms and clearly, both orally and in writing, to a wide audience; Strong Interpersonal skills and the ability to work as part of a team.
- Requires infrequent travel, requires an occasional after-hours response to security-related company issues
- Must be a self –starter capable of multitasking and efficiently managing your time in a dynamic environment while requiring minimal levels of supervision
- Excellent verbal and written communication skills.
- Organized with attention to detail.
- Demonstrated problem-solving and analytical skills.
- Proficient in Microsoft Office Suite or related software.
Education and Experience:
- Bachelor's degree in Computer Science, Programming, Cyber or Information Assurance, or other IT related field.
- At least two (2) years of experience as an ISSO or ISSM
- At least three (3) years of experience in computer systems with some specialization in computer security, highly preferred.
- Experience with the DoD Information Assurance accreditation process
Required Clearance: This position is subject to a government security investigation and must meet eligibility requirements for access to classified information. Requires ACTIVE CLEARANCE.
- Requires flexibility in work hours.
We recruit, employ, train, compensate, and promote the most qualified persons for employment without regard to race, color, religion, ancestry, sex, national origin, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, genetic information, or any other status protected by law. ASEC will not discharge or in any other manner discriminate against employees or applicants because they choose to inquire about, discuss, or disclose their own compensation or the compensation of another employee or applicant.
If you'd like more information about your EEO rights as an applicant under the law, please click here: http://www.dol.gov/ofccp/regs/compliance/posters/pdf/eeopost.pdf
Posting ID: 589907538Posted: 2020-11-29