Implement and monitor security processes relative to IT Policy, Procedure, and Compliance with respect to NISPOM and Department of Defense (DoD) Information Security requirements. Audit information system security plans and procedures to comply with DoD and separate service regulations, directives and procedures. Function as Information Technology Security Administrator, coordinate and oversee compliance of multiple IT Security and Audit requirements in coordination with Security, IT Management, Audit, and Compliance. Provide input and assistance as an IT team member.
ESSENTIAL DUTIES AND RESPONSIBILITIES
- Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Responsible for defining IT Policy and Procedure based on security frameworks and guidance from CMMC, NIST, and ISO 2700.
- Assists in writing and maintaining IT Security policies, procedures, and documentation.
- Performs comparisons between existing standards and practices and work instructions, creating or correcting practice documents when needed.
- Establishes a proactive reporting system for non-compliance, intrusion or abuse of information security procedures within classified areas, and investigates and recommends corrective actions for violations to IT Management and the FSO.
- Responsible for recurring tasks on systems as assigned: Conduct scheduled inspections of systems/facilities that process information; Maintain and audit all logs and records associated with operation procedures; Audit security logs, reports, daily system audits, security logs and authentication features to assure security-relevant actions are properly implemented and executed; Create security reporting as required by ongoing business needs and audit requirements; Identify new security platforms/tools to improve overall infrastructure security; Review current and upcoming security requirements/threats and create the necessary actions to mitigate any risks to the organization.
- Responsible for implementation and management of the following IT platforms: Web Application Security such as Web Application Firewalls; Vulnerability Assessment suite(s); Antivirus/Antimalware suite(s); Intrusion Detection Systems/Intrusion Prevention Systems; Enterprise SIEM suite(s).
- Expertise in securing desktop and server Operating Systems (Microsoft Windows, CentOS, and RedHat Enterprise Linux) with best practices and adherence to NIST STIG and hardening baselines.
- Evaluate enterprise business system proposed changes, updates, or patches and advise IT Management, Change Management Board, and ISSM of relevance.
- Provide security best practice guidance and expertise to project manager(s) and BSA to define requirements for applications, installations, and program architecture for information systems.
- Provide assistance to IT team members, BPO, and Security staff to ensure compliance with applicable IT Security policies, DoD/Service specific regulations and contractual security requirements.
- Perform and document annual risk assessment to determine if additional countermeasures are required.
- Change Management Board member acting as SME for Security and Compliance.
- Perform as a member of the IT Incident Response Team for threats and security risks to the organization. This includes interfacing with the underlying teams/individuals to formulate and apply remediation action.
- Build and maintain cloud components specific to security, identity, and governance in multiple cloud providers.
- Develop and document cloud security best practices and security guidelines for cloud technologies.
QUALIFICATIONS AND EDUCATION REQUIREMENTS
- 6 years of direct Information Security roles.
- At least one DoD 8570 baseline certification required.
- Thorough understanding of Interconnected Systems Management, LAN/WAN security architecture design and operational support.
- Ability to establish and participate in Integrated Product Teams and provide IS security considerations and planning to program management and engineering.
- Knowledge and practical experience of computer security components (i.e., topology, switches, routers, firewalls).
- Understanding of current information security threat analysis, identification, mitigation and investigation techniques.
- Must be eligible for a DOD Personnel Security Clearance and any special access requirements.
- Bachelor’s degree in related disciplines preferred.
- CISSP, ISP or NISPOM Ch 8 certification.
- Military career specialty in Information Assurance and/or Security is desired.
- Must be detail-oriented; able to work with minimal supervision; strong analytical and problem-solving capabilities.
- Prior experience with IT Audit procedures and documentation preferred.
- Current Secret clearance is preferred.
- Extensive experience with hardware/software platforms to include MS Windows, Linux preferred.
- Military service, military environment familiarity, customs and protocol experience preferred.
- Other professional certifications highly desirable. Incumbent will be expected to attain certifications if not previously qualified.