Request ID:BL-10687-1 (910291216)
Onsite Security Analyst with Risk/Vulnerability Assessment, SIEM, Endpoint Security, SCSEMS, IRS Pub 1075, Nessus, PCI/NIST experience
Location:Columbia SC
Duration:12+ Months Hrs/Wk:40.00
***PLEASE KEEP RESUMES TO A MAXIMUM OF 2 PAGES.***
Remote Work Availability:0%
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
STRONG COMMUNICATION AND TEAMWORK SKILLS
HANDS-ON TECHNICAL IT AND/OR SECURITY SYSTEM ADMINISTRATION EXPERIENCE
DEMONSTRATED ABILITY TO LEARN AND ADMINISTER NEW SYSTEMS
RISK AND VULNERABILITY ASSESSMENTS
EXPERIENCE INSTALLING AND USING VARIOUS SECURITY TOOLS
INFORMATION SECURITY PRINCIPLES AND PRACTICES
ABILITY TO ANALYZE AND TEST NEW SOLUTIONS FOR SECURITY REQUIREMENTS
THE ABILITY DOCUMENT DESIGNS, AND WRITE PROCEDURES
IT SECURITY
APPLICATION SECURITY
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
EXPERIENCE WITH SIEM TECHNOLOGY
ENDPOINT SECURITY EXPERIENCE
EXPERIENCE WITH SCSEMS AND KNOWLEDGE OF IRS PUB 1075 CONTROLS
EXPERIENCE WITH NESSUS
EXPERIENCE IN PROJECTS INVOLVING PCI/NIST SECURITY IMPLEMENTATIONS AND/OR AUDITS
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY CONTROLS
REQUIRED EDUCATION/CERTIFICATIONS:
BACHELOR DEGREE IN TECHNOLOGY FIELD
Experience
AdministrativeVerbal Communication SkillsYes1AdvancedCurrently Using2 – 4 Years
AdministrativeWritten Communication SkillsYes1IntermediateCurrently Using2 – 4 Years
MiscellaneousNESSUSNo1AdvancedCurrently Using2 – 4 Years
Network SecurityIT SecurityYes1AdvancedCurrently Using2 – 4 Years
Network SecurityApplication SecurityNo1AdvancedCurrently Using2 – 4 Years
Network Securityrisk/vulnerability assessmentsNo1AdvancedCurrently Using2 – 4 Years
SCOPE OF THE PROJECT:
EVALUATES EXISTING AND PLANNED TECHNOLOGY ENVIRONMENTS OF THE AGENCY, VENDORS AND OTHER PARTNERS, FOR COMPLIANCE WITH INFORMATION SECURITY POLICIES AND STANDARDS. RECOMMENDS INFORMATION SECURITY MEASURES AND PRACTICES, IN CONTEXT OF THE AGENCY’S BUSINESS GOALS, TO SAFEGUARD INFORMATION ASSETS IN ACCORDANCE WITH APPLICABLE FEDERAL, STATE, AGENCY AND INDUSTRY POLICIES, STANDARDS AND BEST-PRACTICES. PARTICIPATES IN REVIEWS AND UPDATES OF SECURITY POLICIES, STANDARDS, PROCEDURES; AND OF THE EMPLOYEE SECURITY AWARENESS PROGRAM. CONTRIBUTES TO CREATION AND MAINTENANCE OF SECURITY COMMUNICATIONS, INFORMATION SHARING AND OTHER DOCUMENTATION NECESSARY TO PERFORM THE FUNCTIONS OF THE CISO DIVISION OF THE AGENCY.
KNOWLEDGE OF SECURITY ADMINISTRATION IN ONE OR MORE OF THE FOLLOWING AREAS OF TECHNOLOGY: NETWORK DEVICES, WORKSTATIONS, SERVERS, STORAGE TECHNOLOGY, SECURITY INSTRUMENTATION. ABILITY TO WRITE DETAILED SECURITY DOCUMENTATION ON TECHNICAL SECURITY ASSESSMENTS, POLICIES AND PROCEDURES. ANALYTICAL AND PROBLEM SOLVING SKILLS. KNOWLEDGE AND UNDERSTANDING OF INFORMATION RISKS CONCEPTS AND PRINCIPLES AS A MEANS OF RELATING BUSINESS NEEDS AND SECURITY CONTROLS. ABILITY TO COMMUNICATE WITH AUDIENCES WITH VARYING LEVELS OF TECHNICAL KNOWLEDGE. ABILITY TO ESTABLISH AND MAINTAIN EFFECTIVE WORKING RELATIONSHIPS TO EFFECTIVELY PERFORM JOB DUTIES THAT BY THEIR NATURE CREATE TENSION. KNOWLEDGE OF PROJECT MANAGEMENT.
Job Details:
SECURITY REVIEWS AND ENGINEERING – LEADS THE EVALUATION OF NEW INFORMATION TECHNOLOGY PROJECTS AND PROPOSED CHANGES TO EXISTING TECHNOLOGY FOR COMPLIANCE WITH SECURITY POLICIES AND STANDARDS. WORKS WITH THE ARCHITECTURE AND INFRASTRUCTURE TEAMS ON THE DESIGN, ENGINEERING, AND IMPLEMENTATION OF TECHNOLOGY SOLUTIONS TO ENSURE SECURE EMPLOYMENT. PROVIDES EXPERTISE TO AND COLLABORATES WITH PROJECT STAKEHOLDERS TO MAKE RECOMMENDATIONS THAT HELP ACHIEVE BUSINESS AND FUNCTIONAL GOALS, WHILE MEETING SECURITY REQUIREMENTS. MANAGES SECURITY REVIEWS IN ACCORDANCE WITH ESTABLISHED IT AND SECURITY PROCESSES.
PERIODIC/CYCLICAL COMPLIANCE ASSESSMENTS – APPROVES SECURITY PLANS WITH THE CISO AND LEADS PERIODIC/CYCLICAL SECURITY ASSESSMENTS AND RISK ASSESSMENTS OF THE AGENCY, VENDORS, AND OTHER PARTNERS IN ACCORDANCE WITH SECURITY POLICIES AND STANDARDS, IN A MANNER THAT PROVIDES AN ACCURATE REPRESENTATION OF THE SECURITY POSTURE OF THE ENTITY BEING EVALUATED. CREATES PLANS, ASSESSMENTS, REVIEWS AND RESULTS IN THE FORM OF SYSTEM SECURITY PLANS, SYSTEM SECURITY ASSESSMENTS, RISK ASSESSMENTS, SUBJECT MATTER REVIEWS, FINDINGS, AUTHORIZATIONS-TO-OPERATE AND OTHER DOCUMENTATION SPECIFIED BY POLICIES AND PROCEDURES. CONTRIBUTES TO AND CRITIQUES DOCUMENTATION THAT IS REQUIRED TO BE SUBMITTED TO EXTERNAL AUTHORITIES, INCLUDING IRS, PCI, DSS AND STATE AUTHORITIES. PERFORMS ASSESSMENTS IN ACCORDANCE WITH ESTABLISHED SCHEDULE GOALS AND REQUIREMENTS.
SECURITY PROCESS ADMINISTRATION – AUTHORS AND UPDATES GOVERNANCE, COMMUNICATION METHODS AND ARTIFACTS NECESSARY TO PERFORM THE FUNCTIONS OF THE CISO DIVISION OF THE AGENCY INCLUDING, BRIDGE DIAGRAMS, REPORTS, METRICS, POLICIES, PROCEDURES, SHAREPOINT SITES, SHARED DRIVES, ETC.
SECURITY PROGRAM UPDATES — ANALYSES AND PROPOSES UPDATES TO INFORMATION SECURITY GOVERNANCE AND THE SC DOR INFORMATION SECURITY AWARENESS PROGRAM. MAINTAINS EXPERT LEVEL KNOWLEDGE CURRENT WITH CHANGES TO EXTERNAL REQUIREMENTS SUCH AS IRS, PCI DSS, STATE POLICIES AND INDUSTRY BEST-PRACTICES. RECOMMENDS AREAS IN WHICH NEW AND ADDITIONAL INFORMATION SECURITY GOVERNANCE IS NEEDED. WRITES, CONTRIBUTES TO WRITING, AND UPDATES SECURITY PLANS, POLICIES, AND PROCEDURES.
RTR – SoSC IT Temp Solicitation_Attachment .docx