Security Specialist

We are currently seeking a motivated, career and detail-oriented Security Specialist to join our team to begin an exciting and challenging career. The ideal candidate will understand information technology security standards and possess the capability to determine discrepancies between differentiating program products and identify deviations from standards. In this junior level role, the ideal candidate will possess the skills to support and coordinate current products, defining security requirements, and identify impacts to Security Assessment and Authorization (SA&A) packages. The ideal candidate should have a demonstrated understanding of the Software Development Life Cycle (SDLC) and possess demonstrated oral & written communication skills.

Position Responsibilities :

In this junior level role, the ideal candidate will assist with security engineering and analysis, gathering and organizing exploited vulnerability information. The ideal candidate will investigate security issues that appear under new threat scenarios as published by the Cybersecurity & Infrastructure Security Agency (CISA). The candidate will execute & examine vulnerability scan results and support reports development. The candidate will work closely with relational program teams validating system compliance with the organizational security policy. The candidate will be able to provide procedural, technical, and architectural recommendations to program management and engineering staff on security matters as required. The candidate will conduct and report on vulnerability and compliance scans, support identity access management and other security engineering activities. Additional responsibilities include supporting Certification and Accreditation (C&A) to obtain Authority To Operate (ATO) for program systems. At times, there will be opportunities to support special projects as needed or directed by the Program’s IT Security Manager.

The ideal candidate will possess demonstrated experience with Vulnerability Assessments, Incident Response, Penetration testing, Intrusion Detection / Prevention, Security Monitoring, application security assessments, risk assessments, security awareness, or related information security subject areas.

Technical Requirements and Experience Requirements : The ideal candidate must have demonstrated experience or knowledge with the following products and industry experience :

• Splunk
• Nessus (aka Tenable)
• Burp Suite
• IBM Guardium
• Linux Advanced Intrusion Detection Environment (AIDE)
• File Vantage
• ERPM Knowledge a plus
• Experience with Active Directory (AD) in relation to system administration.
• Proficient knowledge of Privacy Impact Assessments (PIA), Annual Assessments, Contingency Plans, FIPS 199 Security Categorizations, FISMA\FISCAM, Plan of Action and Milestones (POA&M).

Position Requirements :