Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Senior Information Security Specialist (

A

Arrow Alliance Industries, LLC

Senior Information Security Specialist (

Denver, CO
Full Time
Paid
Similar Jobs
  • Responsibilities

    Job Title:
    SENIOR INFORMATION SECURITY SPECIALIST 

    Company: Arrow Alliance Industries, LLC (Norman, OK)

    Location(s):
    Washington, DC or Lakewood, CO

    Job Description:

    The contractor shall bring extensive knowledge and experience in delivering security administration support to the data center which includes incident reporting, planning, standards compliance, platform configuration management, cyber security vulnerability tracking (to include coordinating with customers and creating artifacts showing compliance), and the secure user access and management processes for the NPS Enterprise Data Centers.

    The Senior Information Security Specialist shall have experience creating and submitting an Assessment & Authorizations (A&A) package and all related documents.

    The Senior Information Security Specialist must have knowledge of hybrid (on-premise & cloud) data center environments to include evaluation and guidance on security control implementation on network, storage, server (Windows, Linux, Oracle) and platform (Microsoft Hyper-V and Azure Preferred).

    Responsibilities:

    • Responsible for the mapping and implementation of the necessary defined security controls as they relate to the current client infrastructure on client owned devices in accordance with government identified General Support Systems (GSS) and Subsystems
    • Develop, implement and maintain security related documents to include:
    • System Security Plans (SSP)
    • Risk Assessments
    • Risk Acceptance documentation
    • Security Impact Analyses
    • Contingency Plans
    • Incident Response Plans
    • Plan of Actions & Milestones (POA&M)
    • Independent Security Assessment (ISA)
    • Memorandum of Understanding (MOU)
    • Service Level Agreements (SLA)
    • Assessment & Authorizations (A&A)
    • Provide input to auditors, to include providing artifacts to support current configurations
    • Assess existing systems, applications, tools in addition to existing security processes for security implications and recommend improvements to strengthen security posture based on assessment
    • Conduct continuous monitoring to include maintenance of current ATO, monitoring compliance, conducting assessments, conducting periodic scans, auditing events and review of audit logs, ensuring media is properly secured before transit or sanitized before disposal
    • Provide recommendations to the NPS on methods to minimize security impacts of new requirements, technologies in accordance with policies, federal laws & mandates.
    • Develop, communicate, and enforce security policies, procedures and safeguards for all systems and staff, based upon Data Center and other government standards.

    Education, Experience, Skills:

    • 7+ years of broad work experience including administration, engineering, and security.
    • 5+ years of experience in network and system design, access control and implementation
    • 3+ years of experience supporting the administration of the NIST Risk Management Framework (SP 800-37) and the planning and implementation of security controls IAW NIST SP 800-53.
    • Experience assessing and hardening security configurations for operating systems, applications, and services.
    • In-Depth knowledge of TCP/IP addressing and standards including network design, firewall configuration, load balancing, remote access, strong authentication, vulnerability scanning, VPN and DMZ management
    • Understanding of scripting languages and technologies such as shell scripting, Perl, JavaScript, VBScript, or others
    • Technical knowledge and experience with application security, content filtering, network protocols, access control, encryption, and 2 factor authentication technologies
    • Understanding of common security protocols such as Kerberos, RADIUS, RSA, TACACS+, SSL, TLS, SSH, IPsec, S/MIME, PKI and SFTP
    • In addition, the successful candidate will:
      • Be able to separate fact from opinion and speculation.
      • Have excellent work prioritization, planning, and organizational skills.
      • Interact effectively with vulnerability reporters, system and network administrators, vendors, experts, Internet users, sponsors, policy makers, managers, and staff (i.e., stakeholders in the vulnerability disclosure process)
      • Be able to work with closely coordinated team during emergencies.
      • Have excellent analytical, reasoning, and creative problem-solving skills.
      • Have excellent written, oral communication skills.
      • Recognize and deal appropriately with confidential and sensitive information.
      • Be able to work meticulously with careful attention to detail.
      • Be able to collaborate effectively and work closely within a coordinated team environment.
      • Be able to quickly learn new procedures, techniques, and approaches.
      • Maintain composure while dealing with difficult people.
      • Communicate and work effectively under normal and stressful situations.
      • Be motivated and able to meet inflexible deadlines.
      • Possess strong leadership and mentoring abilities.
      • Be motivated to tackle challenging problems.