Abacus Technology is seeking a Sr. Information Security Specialist to provide security support for the Federal Information System Security Officer in the areas of Information Assurance and Security Assessment and Authorization (A&A), information security practices and policies, and security solution implementation. This is a full-time position.
Identify and assess enterprise information assurance (IA) and security standards. Develop and implement IA/security standards and procedures. Assist with preparations for A&As and coordinate with external group to conduct A&As. Coordinate, develop, and evaluate security programs for an organization. Recommend IA/security solutions related to software and hardware to support customers’ requirements. Identify, report, and coordinate resolution to resolve security violations. Establish and satisfy security requirements based upon the analysis of user, policy, regulatory, and resource demands. Support customers at the highest levels in the development and implementation of doctrine and policies. Apply know-how to common user issues for government and COTS systems, and to dedicated special purpose systems requiring specialized security features and procedures. Perform analysis, design, and development of security features for system architectures. Analyze and define security requirements for computer systems which may include servers, workstations, and personal computers. Design, develop, and coordinate the implementation of solutions that meet security requirements. Provide integration and implementation of the computer system security solution. Analyze general IA-related technical problems and provide basic engineering and technical support in solving these problems. Perform vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle. Ensure that all information systems are functional and secure. Assist project teams in ensuring security requirements are considered, and providing security solutions.
7+ years of experience in an information assurance or security role for enterprise systems. Bachelors of Science in Computer Engineering, Computer Science, Information Systems, Cybersecurity, or related field from an accredited institution. Must have CISSP certification; Certified Ethical Hacking or similar certification highly desired. Experience with the assessment and accreditation (A&A) process and Plans of Action and Milestones (POA&M) development and resolution, as well as developing A&A packages and artifacts. Experience conducting security testing and evaluation and performing contingency planning. Experience with continuous monitoring and industry standard vulnerability scanning, as well as compliance verification and analysis, including the use of automated tools (Nessus Tenable, SCAP, Splunk, Fortinet , McAfee Foundstone Vulnerability Manager, Wireshark, security testing tools, etc.). Knowledge of intrusion prevention and network access control tools/systems. Understanding of system audit principles and security risk assessment. Familiarity with Federal government and DOD standards for IA/security including DIACAP, FISMA, NIST, and OMB. Must have solid communications skills and be capable of working with all levels of an organization. Understanding of network architectures, current networking technologies, security requirements and features of networks and web-based applications. Experience with implementation of encryption (data at rest, data in transit), and multi factor authentication solutions preferred. Must be able to process and analyze information provided by a customer or team member (e.g., system administrator, developer, security specialist), make determinations, and provide solutions. Outstanding communication skills. Must be a US Citizen and hold at least a Secret clearance.
Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.