Security Architect with risk/vulnerability/compliance assessment, NESSUS, SIEM, Endpoint Security, DISA STIGs, IRS SCSEMS/Pub 1075, PCI/NIST and FireEye HX experience

Request ID: BL-9014-1 (910291014)

Security Architect with risk/vulnerability/compliance assessment, NESSUS, SIEM, Endpoint Security, DISA STIGs, IRS SCSEMS/Pub 1075, PCI/NIST and FireEye HX experience

Location: Columbia SC
Duration: 12 Months Hrs/Wk: 40.00

Required Skills (rank in order of Importance):
• Strong communication and teamwork skills
• Hands-on Technical IT and/or Security System administration experience
• Knowledge of information security principles and practices
• Demonstrated ability to learn and administer new systems
• System risk, Vulnerability, and compliance assessments
• Experience installing and using various security tools, especially vulnerability
• Ability to analyze and test new solutions for security requirements
• The ability document designs, and write procedures
• IT Security
• Application Security

Preferred Skills (rank in order of Importance):
• Experience with NESSUS
• Experience with SIEM technology
• Endpoint Security Experience
• Experience with DISA STIGs, IRS SCSEMS and knowledge of IRS Pub 1075 controls
• Experience in projects involving PCI/NIST security implementations and/or audits
• Experience with FireEye HX

REQUIRED EDUCATION/CERTIFICATIONS:
BACHELOR DEGREE IN TECHNOLOGY FIELD

PREFERRED EDUCATION/CERTIFICATIONS: RELATED SANS, ISC2, OR RELEVANT INDUSTRY RECOGNIZED CERTIFICATIONS

Experience
Administrative Verbal Communication Skills Yes 1 4 – 6 Years
Administrative Written Communication Skills Yes 1 4 – 6 Years
Education Bachelor’s degree in a technical or business field Yes 1 4 – 6 Years
Network Security Application Security Yes 1 4 – 6 Years
Network Security information security principles and practices Yes 1 4 – 6 Years
Network Security IT Security Yes 1 4 – 6 Years
Network Security risk/vulnerability assessments Yes 1 4 – 6 Years
Network Security SECURITY TOOLS – Ability to install and use various security tools Yes 1 4 – 6 Years
Networking & Directories Information Security Yes 1 4 – 6 Years

Remote Work Availability: 0%

SCOPE OF THE PROJECT:
Fifty Percent of this position is Security Process Administration – Responsible for administration of security tools and solutions. Authors and updates governance, communication methods and artifacts necessary to perform the functions of the CISO Division of the agency including, bridge diagrams, reports, metrics, policies, procedures, SharePoint sites, shared drives, etc.

The other fifty percent of this position is split between the three functions below:
Security Reviews and Engineering – Leads the evaluation of new information technology projects and proposed changes to existing technology for compliance with security policies and standards. Works with the architecture and infrastructure teams on the design, engineering, and implementation of technology solutions to ensure secure employment. Provides expertise to and collaborates with project stakeholders to make recommendations that help achieve business and functional goals, while meeting security requirements. Manages security reviews in accordance with established IT and Security processes.

Periodic/Cyclical Compliance Assessments – Approves security plans with the CISO and leads periodic/cyclical security assessments and risk assessments of the agency, vendors, and other partners in accordance with security policies and standards, in a manner that provides an accurate representation of the security posture of the entity being evaluated. Creates plans, assessments, reviews and results in the form of system security plans, system security assessments, risk assessments, subject matter reviews, findings, authorizations-to-operate and other documentation specified by policies and procedures. Contributes to and critiques documentation that is required to be submitted to external authorities, including IRS, PCI, DSS and state authorities. Performs assessments in accordance with established schedule goals and requirements.

Security Program Updates — Analyses and proposes updates to information security governance and the SC DOR information security awareness program. Maintains expert level knowledge current with changes to external requirements such as IRS, PCI DSS, state policies and industry best-practices. Recommends areas in which new and additional information security governance is needed. Writes, contributes to writing, and updates security plans, policies, and procedures.

Leave a Reply