Information Assurance Engineer - Security Lead
Apply NowCompany: Computer World Services Corp. (CWS)
Location: Falls Church, VA 22042
Description:
Job Description
Serves as the Information Assurance Security Lead for a large, complex task and will direct the execution of system security activities ensuring compliance with Federal regulations and DHS policy. Provides support for facilitating and helping agency identify their current security infrastructure and define future programs, design and implementation of security related to IT systems. The Information Assurance Security Lead also oversees the efforts of security staff to design, develop, engineer and implement solutions to security requirements. The Lead would be responsible for the implementation and development of the DHS IT systems security. Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs. Supports customers at the highest levels in the development and implementation of doctrine and policies.
Working knowledge of the following areas is required:
Federal security requirements or equivalent processes for certification and accreditation, vulnerability scanning and remediation, contingency planning, and interface connection documentation.
ArcSight
o Responsible for reviewing, documenting and researching ArcSight alerts.
o Monitoring effectiveness of alerts and recommend rule modification when required.
o Performing Impact analysis, investigations and conducting weekly status meetings with the government and ArcSight SMEs to report related statistics as required to quickly identify potential cyber-attacks, material weaknesses and vulnerabilities.
Change Request (CR) Security Reviews
o Assessing CRs from a technical security perspective in conjunction with review boards to ensure changes do not introduce new security concerns.
o Providing weekly/monthly updates to the tracking repository to maintain historical information, running totals and reporting results to the client.
Risk Management
o Must demonstrate an understanding of business security practices and procedures and familiarity Identify and analyze potential threat activity
o Harden the configuration of devices and networks utilizing DOD Best Practices
o Identify and report unresolved security exposures with mainstream risks associated with commercial products and current Internet/EC technology.
Hardware/software security implementation, Different communication protocols, Encryption techniques/tools.
o Familiarity with commercial products, and current Internet/mobile technology.
Certification and Accreditation (C&A)
o Ability to support C&A, continuous diagnostics and mitigation and related initiatives.
o Experience creating and resolving POA&MS
Documentation
o Developing and maintaining documentation for security systems and procedures
o Experience in developing System Security Plan, Contingency Plan, Incident Response Plan and Continuous Monitoring Plan
Key Tasks and Responsibilities
Lead assigned security tasks to successful completion.
Performs risk analyses which also includes risk assessment.
Directs and controls activities for clients, methods, and staffing to ensure that technical requirements are met.
Developing deliverables associated with FISMA security package including but not limited to: System Security Plan, Contingency Plan, Incident Response Plan and Continuous Monitoring Plan
Work to complete ATO packages complaint to NIST guidelines
Adhere to NIST Risk Management Framework (RMF) to support analyzing development of supporting policies, procedure and plans
Adhere to NIST RMF for implementation of security controls and analyzing corrective action plans
Work with the System Owners, ISSOs and other stakeholders to complete assessment reports
Track and update POA&M entries
Analyze IT security events to distinguish events that qualify as security incidents as opposed to non-incidents
Maintain working knowledge of network communications, routing protocols and common internet applications/standards
Maintain information system inventories
Perform SIEM monitoring and analysis
Ability to serve as Information System Security Officer.
Job Requirements:
Required Education & Experience
Bachelor's Degree or higher and 10 years of related experience
The ideal candidate should be able to demonstrate working knowledge with several of the following concepts or technologies:
FISMA security experience for large scale information technology and database systems that utilize C++, JAVA, and PL/SQL, GO, Python, Ruby, C# programming languages
Security Information and Event Management tools (e.g. ArcSight, Splunk, etc.)
Firewall Devices/Platforms (.e.g Palo Alto, Cisco ASP)
Firewall Rule Reviews and Rule Analysis
Enterprise Risk Assessments, security strategy and cloud computing terminology (e.g. AWS)
CSAM
Amazon Web Services (AWS)
Certification Requirements
Certified Information Security Professional (CISSP) is required
Certified Cloud Security Professional (CCSP) is preferred
Clearance Requirements
Candidate must be a US Citizen, possess DHS Suitability background investigation or be eligible to qualify for DHS Entry of Duty background investigation followed by DHS Public Trust Clearance
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
None
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at
314.952.5138
or
[email protected]
Get job alerts by email. Sign up now! Join Our Talent Network!
Job Snapshot
Employee Type Full-Time
Location Falls Church, VA (Hybrid)
Job Type Government - Federal, Information Technology
Experience Not Specified
Date Posted 03/05/2025
Job ID 4535/3430/23137
Apply to this job.
Think you're the perfect candidate?
Serves as the Information Assurance Security Lead for a large, complex task and will direct the execution of system security activities ensuring compliance with Federal regulations and DHS policy. Provides support for facilitating and helping agency identify their current security infrastructure and define future programs, design and implementation of security related to IT systems. The Information Assurance Security Lead also oversees the efforts of security staff to design, develop, engineer and implement solutions to security requirements. The Lead would be responsible for the implementation and development of the DHS IT systems security. Gathers and organizes technical information about an organization's mission goals and needs, existing security products, and ongoing programs. Supports customers at the highest levels in the development and implementation of doctrine and policies.
Working knowledge of the following areas is required:
Federal security requirements or equivalent processes for certification and accreditation, vulnerability scanning and remediation, contingency planning, and interface connection documentation.
ArcSight
o Responsible for reviewing, documenting and researching ArcSight alerts.
o Monitoring effectiveness of alerts and recommend rule modification when required.
o Performing Impact analysis, investigations and conducting weekly status meetings with the government and ArcSight SMEs to report related statistics as required to quickly identify potential cyber-attacks, material weaknesses and vulnerabilities.
Change Request (CR) Security Reviews
o Assessing CRs from a technical security perspective in conjunction with review boards to ensure changes do not introduce new security concerns.
o Providing weekly/monthly updates to the tracking repository to maintain historical information, running totals and reporting results to the client.
Risk Management
o Must demonstrate an understanding of business security practices and procedures and familiarity Identify and analyze potential threat activity
o Harden the configuration of devices and networks utilizing DOD Best Practices
o Identify and report unresolved security exposures with mainstream risks associated with commercial products and current Internet/EC technology.
Hardware/software security implementation, Different communication protocols, Encryption techniques/tools.
o Familiarity with commercial products, and current Internet/mobile technology.
Certification and Accreditation (C&A)
o Ability to support C&A, continuous diagnostics and mitigation and related initiatives.
o Experience creating and resolving POA&MS
Documentation
o Developing and maintaining documentation for security systems and procedures
o Experience in developing System Security Plan, Contingency Plan, Incident Response Plan and Continuous Monitoring Plan
Key Tasks and Responsibilities
Lead assigned security tasks to successful completion.
Performs risk analyses which also includes risk assessment.
Directs and controls activities for clients, methods, and staffing to ensure that technical requirements are met.
Developing deliverables associated with FISMA security package including but not limited to: System Security Plan, Contingency Plan, Incident Response Plan and Continuous Monitoring Plan
Work to complete ATO packages complaint to NIST guidelines
Adhere to NIST Risk Management Framework (RMF) to support analyzing development of supporting policies, procedure and plans
Adhere to NIST RMF for implementation of security controls and analyzing corrective action plans
Work with the System Owners, ISSOs and other stakeholders to complete assessment reports
Track and update POA&M entries
Analyze IT security events to distinguish events that qualify as security incidents as opposed to non-incidents
Maintain working knowledge of network communications, routing protocols and common internet applications/standards
Maintain information system inventories
Perform SIEM monitoring and analysis
Ability to serve as Information System Security Officer.
Job Requirements:
Required Education & Experience
Bachelor's Degree or higher and 10 years of related experience
The ideal candidate should be able to demonstrate working knowledge with several of the following concepts or technologies:
FISMA security experience for large scale information technology and database systems that utilize C++, JAVA, and PL/SQL, GO, Python, Ruby, C# programming languages
Security Information and Event Management tools (e.g. ArcSight, Splunk, etc.)
Firewall Devices/Platforms (.e.g Palo Alto, Cisco ASP)
Firewall Rule Reviews and Rule Analysis
Enterprise Risk Assessments, security strategy and cloud computing terminology (e.g. AWS)
CSAM
Amazon Web Services (AWS)
Certification Requirements
Certified Information Security Professional (CISSP) is required
Certified Cloud Security Professional (CCSP) is preferred
Clearance Requirements
Candidate must be a US Citizen, possess DHS Suitability background investigation or be eligible to qualify for DHS Entry of Duty background investigation followed by DHS Public Trust Clearance
Other (Travel, Work Environment, DoD 8570 Requirements, Administrative Notes, etc.)
None
Computer World Services is an affirmative action and equal employment opportunity employer. Current employees and/or qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, disability, protected veteran status, genetic information or any other characteristic protected by local, state, or federal laws, rules, or regulations.
Computer World Services is committed to the full inclusion of all qualified individuals. As part of this commitment, Computer World Services will ensure that individuals with disabilities (IWD) are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Aaron McClellan in Human Resources at
314.952.5138
or
[email protected]
Get job alerts by email. Sign up now! Join Our Talent Network!
Job Snapshot
Employee Type Full-Time
Location Falls Church, VA (Hybrid)
Job Type Government - Federal, Information Technology
Experience Not Specified
Date Posted 03/05/2025
Job ID 4535/3430/23137
Apply to this job.
Think you're the perfect candidate?