Our client, a civilian agency in NW DC, is looking for an IT Security Analyst/Specialist with a certification (CISSP or CISM). The IT Security Specialist collaborates with project/product managers, developers, and the agency's Information Technology Security Office (ITSO) to ensure the appropriate operational security posture is maintained for information systems developed and maintained for the Office of Probation and Pretrial Services (OPPS). The IT Security Specialist plays a key role in helping OPPS mature their IT security practices and processes.
The IT Security Specialist is responsible for:
- Creates system security documentation, including, but not limited to, Systems Security Plans, Risk Management Plan, Contingency Plan, application security policies and procedures, security guidelines for software developers, incident response procedures, and system boundary documentation.
- Reviews raw data from automated scan tools and works with project managers and developers to help them understand the results and assess risk, identify remediation options and prioritize their closure.
- Tracks the status of vulnerabilities discovered during system test to closure.
- Reviews and helps project managers and developers understand the relative risks of various application architectures.
- Participates in code reviews.
- Reviews system documents developed by other team members.
- Reviews project schedules to ensure that security activities, including ITSO processes, are included where and when appropriate.
- Represents OPPS in meetings and discussions with the ITSO, as required.
- Delivers formal and informal presentations to colleagues, customers, and other stakeholders.
- Performs other IT security-related tasks.
The IT Security Specialist should have:
- Experience as an IT Security Specialist with responsibilities similar to those listed above.
- Knowledge of NIST SP-800 series standards.
- Experience as an IT Security Specialist in a multi-operating platform environment (e.g., Windows, UNIX, and Linux).
- Experience reviewing output from automated scanning tools.
- Understanding of SDLC methodologies and ability to articulate security's fit in each phase of the cycle.
- Ability to read code - in particular, Java and .NET.
- Understanding of firewalls and other tools used to secure IT systems.
Successful members of the team are those who demonstrate passion for their technical or functional domain - in this case, IT/cyber security; recognize the importance of and are advocates for collaboration; exercise sound judgment; and are solution driven.
Contact me via email at email@example.com for immediate consideration.