ESSENTIAL AREA OF RESPONSIBILITY:
All areas of responsibility listed below are essential to the satisfactory performance of this position, with reasonable accommodation, if necessary. Work responsibilities may vary, depending upon assignment. Perform the following Information Assurance/Information Security management/administration support duties in accordance with the requirements of the contract Performance Work Statement/Statement of Work.
- Will ensure the Information Assurance (IA) and security posture of the established infrastructure is in accordance with DOI, FISMA, and other appropriate laws, directives, policies, standards and guidelines.
- At the direction of the customer will provide support to Computer Security Incident Response Team (CSIRT).
- Under the direction of the Sr. Network Engineer, using established guidelines and procedures will provide computer security monitoring, Incident Response, and Vulnerability Management, to include:
- Active security monitoring, intrusion detection and analysis
- Responding to security incidents as required by the FISMA Act of 2002, DOI IT Security Policy Handbook, and applicable SOP’s.
- Conduct vulnerability analysis, scanning, log analysis, identification of weaknesses, and notification of customer.
- Will provide security architecture, Administration, and Engineering Services, to include:
- Security architecture review
- Security infrastructure evaluation and maintenance
- System log operations and maintenance
- Security Information and Event Manager Monitoring and Processing
- Engineering Support Services to Include Upgrades or configuration changes to government furnished security equipment and software
- Engineering Support Services to construct firewall rules, update software for government furnished security tools and software to improve business processes, or to meet a new requirement.
- Will assist with planning, implementing, performing and reviewing results of technical security reviews and network analysis to include, but not limited, to scanning, testing, and auditing to determine system vulnerability and security activity.
- Will perform risk assessments and penetration testing as directed by the customer and IAW SOW.
- Will assist with the development, design, and modification of risk statements, summaries and presentations providing recommendations for corrective action of incidents.
- Will assist in the development and preparation of mitigation strategies to address security vulnerabilities.
- Will perform, direct and/or support security accreditation and certification activities as required.
- Will assist in the development and implementation of IA policy and procedure documents as required
- Will establish and maintain effective professional working relationships with customers, co-workers, vendors, and other contractors.
- Will participate in meetings, committees, and conferences as directed by the customer.
- Maintain current expertise in security best practices, network and system exploit methodologies, and defensive tactics.
- Analyze information from multiple sources to gain a holistic understanding of the enclave security profile, then develop and prioritize any necessary responses or mitigations.
- Will provide Information Assurance and Information Security of technology during architecture design, installation, and ongoing maintenance to ensure compliance with DOI requirements.
- Attend work each day during scheduled work hours unless on approved travel or time off.
- Perform travel to contractor and customer sites, as required (see WORKING CONDITIONS below).
- Follow policies and procedures as described in corporate manuals and directives.
- Work flexible hours, including occasional overtime.
- Carry out other duties as may be assigned or requested.
- Work is performed indoors with some potential risks to safety and health hazards related to electronics.
- Travel to CONUS locations may be required.
- Must have 5 years of broad work experience including administration, engineering, and security.
- Must have 3 years experience in network and system design, access control and implementation.
- Must possess CISSP, SANS GIAC, MCSE or equivalent certifications.
- Must possess or be able to obtain Security+ certification within six (6) months of starting work.
- Must be able to work on multiple projects simultaneously and balance conflicting demands to meet customer requirements.
- Must have experience assessing and hardening security configurations for O/S, applications and services.
- Must possess an in-depth knowledge of TCP/IP addressing and standards including network design, firewall configuration, load balancing, remote access, strong authentication, vulnerability scanning, VPN and DMZ management.
- Must have relevant applicable experience as related to the General Functions listed in this position description.
- Must demonstrate technical knowledge and experience with application security, content filtering, network protocols, access control, encryption, and 2 factor authentication technologies.
- Must demonstrate an understanding of common security protocols such as Kerberos, RADIUS,RSA, TACACS+, SSL, TLS, SSH, IPSec, S/MIME, PKI and SFTP.
- Must demonstrate an ability to perform ethical hacking, penetration testing, vulnerability assessments and web application security testing using various tools and provide a summary of issues and best practice resolutions.
- Must be able to effectively communicate both orally and in writing to technical and non-technical audiences.
- Must be able to transport self to various facility sites, as required. If using own motor vehicle, must possess a valid driver’s license and proof of insurance.
- May require lifting up to 25 pounds.
- Requires visual acuity to use a keyboard and computer mouse.
PESystems Inc., is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for Employment without regard to race/ethnicity, color, religion, sex, national origin, ancestry, age, sexual orientation, gender identify, genetic information, marital status and disability (including physical or mental disability as well as pregnancy) veteran status or any other status protected by Federal State or local law.