Information Security Specialist - CISSP/CISM

Job Details:

Job Title - Information Security Specialist

Job Location - Silver Spring, MD / Washington, DC

Job Duration - 12 Months with possibility of an extension

Work Module - Hybrid (3 days onsite at Silver spring, MD, 2 days remote)

Job Discription :

Primary Responsibilities:

The candidate will be a part dynamic team that supports Enterprise Scale Infrastructure security, assessment, reporting and remediation of threats in alignment with government standards and compliances such as FedRAMP.

Daily Duties:

• Ensure infrastructure security engineering principles are applied in complete infrastructure management lifecycle. (NIST SP 800-160, NIST SP 800-53).
• Analyze, Evaluate, and recommend standard security measures based on the gap assessment and industry best practices.
• Use various tools and techniques to create cyber resilient infrastructure to cover patching, scanning, and upgrades for enterprise hardware, software, database, and applications.
• Leverage various enterprise tools such as Tenable, McAfee EPO, SCCM, Bigfix to generate security compliance reports.

• Manage and operate security engineering solutions such as IDS/IPS, EDR.
• Establish and maintain security boundary/baseline for infrastructure systems and regularly report status for needed corrective actions.
• Continuously monitor, detect, and remediate threats using log collection solution.
• Develop, document, and maintain benchmarks/baselines for information systems and update as necessary.
• Run periodic baselines scans and generate reporting for security vulnerabilities. Coordinate with System Engineering team for remediation.
• Track and manage reported security incidents, perform root cause analysis, and provide remediation guidance.
• Promote standard configuration management and change management practices across enterprise infrastructure.
• Review and document standard operating procedure for security management, administration, and reporting.
• Participate in evaluating new technologies as per FedRAMP guidelines.

Qualifications:

Public Trust Clearance is required.

• Possess and maintain in good standings at least one of the following professional certifications: ISC2 Certified Information System Security Professional (CISSP), CompTIA A+, CompTIA Security+, GIAC Information Security Professional (GISP), ISC2 Certified Authorization Professional (CAP), Active certification number is required for validation.
• Two (2) years' demonstrated experience with operating cybersecurity tools (e.g., Tenable Security Center, vulnerability scanners, database vulnerability scanners, and web application scanners, etc.)
• Two (2) years' demonstrated experience with IT operations configuration management tools (e.g., Microsoft System Center Configuration Manager, Bigfix, etc.)
• One (1) year demonstrated experience performing systems administration, network management, security systems operations, cloud security (e.g., firewalls, antivirus, IDS/IPS), configuration management standards and baselines, and change control technologies.
• Demonstrated experience developing security procedures.

• Demonstrated experience assisting in the maintenance of systems to protect data from unauthorized users.
• Demonstrated experience identifying, reporting, and resolving security violations.
• Familiar with a variety of the field's concepts, practices, and procedures.
• Relies on experience and judgment to plan and accomplish goals.
• Performs a variety of complicated tasks.
• Familiarity with presenting technical material to non-technical managers in a non- technical manner to ensure a clear understanding of how the risk(s) affects the mission and/or business functions.
• Familiarity with NIST Special Publications and Federal Information Processing Standards.
• Familiarity with integrating DHS Continuous Diagnostic and Mitigation (CDM) new tools.