Request ID:IN-8486-1 (911091122)
Security Architect with OWASP Top Ten, CWE/SANS Top 25, vulnerability assessment, FISMA, eGRC, networking/LAN/WAN/firewalls/Cisco/Juniper, Windows/Linux and MAINFRAME experience
Location:Columbia SC
Remote Work Availability:50%
Duration:12 Months
Resume: 5 pages max
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1.10+ years of experience of I.T. working with Windows, Linux, Mainframe technologies and Web-based applications
2.5+ years of experience with Firewalls, Load-Balancing, LAN and WAN infrastructure
3.Ability to communicate clearly, verbally and in writing; to interact effectively with internal and external vendors, project team members, management and agency departments; to build relationships and use facilitation skills with both technical and non-technical personnel
4.Ability to write, edit, and prepare graphic presentations of technical information for both technical and business personnel
5.Experience in organizing information in a way that is appropriate for technical explanations without losing sight of the needs and aptitude of the audience
6.Ability to collaborate and coordinate with multiple teams and vendors
7.Ability to work independently and as a member of a team
8.Ability to multitask and prioritize tasks effectively in order to meet deadlines
9.Must be intermediate to advanced skills in additional Microsoft Office products (Word, Excel, PowerPoint, Visio) and working with templates and style guidelines for branding consistency
10.Keen attention to detail while maintaining the ability to see the big picture
11.Ability to absorb and retain complex processes
12.Strong English language skills
13.Demonstrable understanding of the rules of English grammar and usage
14.Ability to accept changes and constructive criticism in a fast turn-around environment
PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):
1.Experience identifying, testing and leading remediation efforts of OWASP Top Ten, CWE/SANS TOP 25 Most Dangerous Software Errors, etc.
2.Prior experience performing vulnerability assessments in organizations subject to FISMA or similar requirements
3.Prior experience in working with eGRC systems
Documentation/LanguageAbility to write, edit, and prepare graphic presentations of technical information for both technical and business personnelYes1AdvancedCurrently Using6 + Years
MiscellaneousAbility to deal effectively with the needs of technical peers, technical and user management, users, vendors, and staff members, and to communicate clearly and effectively in spoken and written formYes1AdvancedCurrently Using6 + Years
Network SecurityFederal Information Security Management Act (FISMA)No1AdvancedWithin 6 Months4 – 6 Years
Network SecurityOWASP Top 10 remediation techniquesNo1AdvancedWithin 6 Months4 – 6 Years
Network Securityrisk/vulnerability assessmentsNo1AdvancedWithin 6 Months4 – 6 Years
Networking & DirectoriesExperience with UNIX, Windows, Linux, MacOS, Cisco, Juniper, web apps, databases, strong authentication, operating systems and network security protocols and procedures.Yes1LeadCurrently Using6 + Years
Networking & DirectoriesLocal Area Network (LAN)Yes1LeadCurrently Using6 + Years
Networking & DirectoriesVirtual LAN (VLAN)Yes1AdvancedCurrently Using6 + Years
Operating Systems/APIsMAINFRAME OPERATIONSNo1AdvancedCurrently Using6 + Years
Packaged ApplicationsMS Office (Word, Excel, PowerPoint, Visio)Yes2IntermediateCurrently Using6 + Years
SpecialtieseGRC solutionsYes1AdvancedWithin 6 Months1 – 2 Years
SpecialtiesVulnerability ScanningYes1AdvancedWithin 6 Months4 – 6 Years
SCOPE OF THE PROJECT:
The Office is tasked with performing ongoing enterprise cybersecurity threat monitoring and incident response capabilities. A strong candidate for this position should possess experience in the following:
•Cyber Threat Response and Incident Handling
•Cyber Security Operations
•Network Engineering
•Security Service Portfolio Management
DAILY DUTIES / RESPONSIBILITIES:
The Consultant will work directly for the Director of Information Security to drive innovation and maturation of the Agency Cyber threat detection and response capabilities. We are looking for candidates who are highly organized, can work independently in a fast-paced environment and produce multiple quality deliverables within defined deadlines. Candidates should be self-starters, creative problem solvers and have an eagerness to implement tactics, techniques and procedures which make the most effective use of Agency staff, resources, products and technologies quickly.
Essential Responsibilities
1.Perform threat identification and analysis of risks to the Medicaid Enterprise
2.Drive innovation and maturation of the OIA (Cyber) Security Operations Center
3.Assist in the implementation and advancement of Continuous Monitoring and Incident Response processes and procedures
4.Expertly deploy and manage tools such as Tenable Nessus, Splunk, QRadar, etc.
5.Serve as Security Subject Matter Expert for Secure Application and Infrastructure Design, Development and Implementation
6.Design, deploy and manage secure network infrastructure to include switches, routers, firewalls and other devices as necessary to ensure the security of Agency data and associated services
7.Organize and write supporting documents/artifacts describing vulnerability assessment activities
8.Create documentation on specific remediation steps to close vulnerabilities or mitigate risk to acceptable levels
9.Create documentation that can readily to be added to Agency procedures
10.Revise documents and artifacts as tactics and techniques evolve to address new and emergent threats and trends
11.Work with Information Technology, Application Development and Business Teams to advance security efforts of the Medicaid Enterprise