ActioNet, Inc Information System Security Specialist (Mid/Senior) in Washington, District Of Columbia
Information System Security Specialist (Mid/Senior)
IT/Cyber Security/Network Systems
Position at ActioNet
ActioNet is looking for an information system security specialist for a new long and stable (5 years) contract with the US Courts in Washington DC.
Primary areas of concentration include:
• Determining impact of new technology or policy (e.g., social networking, cloud computing, virtual environments, etc.) on ASO Information Security program
• Providing support to the staff in reviewing, updating and maintaining information security policy, guidance documents, templates, and materials, to ensure all documentation reflects and incorporates changes in processes or procedures
• Recommending, reviewing, updating existing and/or developing new Information Security policies, handbooks, standards or procedures
• These updates shall be based upon research, investigation, and analysis of changes in judiciary, department, and ASO specific policy/regulations/mandates
• Incorporating new judiciary policies, procedures and controls into existing ASO security related documents
• Supporting documentation efforts and providing comprehensive system security planning and lifecycle management
• Documentation includes security documentation, lifecycle documentation, standard operating procedures, network diagrams, system-level security requirements and security specifications
• Providing expert analysis and document preparation support for various analytical efforts focused on processes and procedures
• Generating regular and ad-hoc security dashboards, reports, and metrics
• Information system security may also include drafting security documentation, monitoring, scanning and identifying vulnerabilities, recommending improvements to deficient areas and implementing security requirements. The Judiciary tool-kit includes, but is not limited to, the following tools: Nessus, AppDetective, AppScan, SuperScan, McAfee Foundstone, and Nipper Studio. This role must be familiar with and have previous experience with the security assessment and continuous monitoring processes and the NIST SP 800-37 and NIST SP 800-53 standards
• FISMA experience
• Experience with Xacta
This candidate shall be required to provide the following types of information system security and continuous monitoring support services. The primary areas of concentration include:
• Providing technical assistance to ISSOs, Business Owners and System Owners related to the program security assessment and continuous monitoring processes;
• Assisting in the development of system security documentation including but not limited to Security Plan, Security Assessment Report, Risk Assessment Report, Risk Remediation Plan, Contingency Plan, System Policies, Incident Response Plan, MOU/MOA and System Boundary Documentation;
• Designing, developing, and implementing a continuous monitoring process for client information systems to provide periodic assurance to senior management on the security protections of client information systems;
• Assisting in the periodic assessment of identified subset of security controls for client information systems;
• Reviewing and providing feedback on system security and security control assessment documentation;
• Providing support services to SDIS staff on performing or updating a risk assessment, and developing or updating contingency plans based on risk assessments;
• Reviewing raw data from Automated Vulnerability scanning tools;
• Identifying, monitoring, and supporting the ASO information security deficiency tracking and remediation process for all DAS information systems to include providing specific guidance and technical support in the form of standards, policies, procedures, and oversight; and
• Generating regular and ad-hoc security dashboards, reports, and metrics.
• ActioNet is hiring both junior and senior resources for this contract.
To be considered senior you must have expertise in the following areas:
• Identifying and assessing vulnerabilities in DAS information systems and their environment of operation across the system life-cycle;
• Identifying, specifying, designing, and developing protective measures to address system vulnerabilities;
• Identifying and evaluating protective measures to ascertain their suitability, effectiveness and degree to which they can be expected to reduce mission/business risk;
• Providing assurance evidence to substantiate the trustworthiness of protective measures;
• Identifying, quantifying, and evaluating the costs and benefits of protective measures to inform engineering trade-off and risk treatment decisions;
• Providing guidance and technical support in the form of standards, policies, procedures, and oversight of DAS information systems in regards to potential incidents and events that are identified;
• Performing technical risk assessments and/or develop alternatives of various system interfaces and/or architectures;
• Determining impact of new or revised Judiciary policy, legislation and regulations;
• Providing security engineering subject matter expertise in future enterprise architecture updates and proposed information security mechanisms;
• Conducting research and presenting analyses to evaluate and/or determine emerging industry technology trends, Government agency best practices and security issues; and
• Providing briefings and delivering written guidance or assessments in the form of whitepapers or presentations related to security engineering risk identification and mitigation, and emerging industry issues and best practices.
ActioNet is an Equal Opportunity/Affirmative Action employer
All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age (40 or over), or genetic information. ActioNet’s commitment to diversity and inclusive selection practices includes ensuring qualified long-term unemployed job seekers receive equal consideration for employment.
The ActioNet Career Center is accessible to any and all users. If you would like to contact us regarding the accessibility of this portal or you need assistance completing the application process, please contact Jonathan Dobles, Technical Recruiter, at 703-204-0090 ext 195 or JDobles@ActioNet.com. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.