Senior Cyber Security SME

Overview

Design. Disrupt. Repeat.

Be an agent of change on a team committed to achieving client-focused, mission-driven excellence. Steampunk is looking for an experienced Information Systems Security Officer Team Lead with an appetite for taking on new challenges.

Contributions

The ISSO Team Lead serves as a Lead Cyber Security Specialist and will perform level III ISSO and/or ISSO support responsibilities as well as Team Lead responsibilities to include:

• Leading a team of ISSOs including prioritizing continuous monitoring schedules, performance management, and customer relationship management.

• Ensuring that all ISSOs within the program area are properly trained on ISSO activities.

• Providing security-related expertise and mentorship to junior ISSOs within the program area.

• Supporting personnel management activities for the program area team.

• Ensuring that security requirements for the assigned major application or general support system are being or shall be met.

• Ensuring that requests for security authorization (also referred to as C&A) of assigned major application or general support systems are completed in accordance with the published procedures.

• Ensuring that protective measures for physical security threats are in place.

• Ensuring compliance with all legal requirements concerning the use of commercial proprietary software, e.g., respecting copyrights and obtaining site licenses.

• Maintaining an inventory of hardware and software within the program/development offices or field site facilities.

• Coordinating the development of a Contingency Plan and ensuring that the plan is tested and maintained.

• Ensuring risk analyses are completed to determine cost-effective and essential safeguards.

• Ensuring preparation of security plans for sensitive systems and networks.

• Attending security awareness and related training programs and distributing security awareness information to the user community as appropriate.

• Reporting IT security incidents (including computer viruses) in accordance with established procedures.

• Reporting security incidents not involving IT resources to the appropriate security office.

• Providing input to appropriate IT security personnel for preparation of reports to higher authority concerning sensitive and/or national security information systems.

Qualifications

Job Requirements

• Bachelor’s Degree in related IT field

• Ability to obtain a U.S. government Security Clearance

• Eight years of IA experience; 3 of which must be FISMA-related

Required Skills

• Experience leading teams of information security professionals

• Demonstrated ability to apply extensive knowledge of a variety of the IA field’s concepts, practices, and procedures to ensure the secure integration and operation of all systems

• Knowledge of NIST SP 800 family of publications, particularly those associated with risk management policy and procedures

• Extensive specialized knowledge of financial audit standards, classified system IA requirements, Privacy Act requirements, or Critical Infrastructure Protection

• Experience with evaluating systems, networks, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines

• Extensive knowledge and experience with three (3) of the four (4) following criteria:
- Vulnerability scanning execution, assessment, and analysis
- Operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN])
- Information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies
- Application security, database security, and network security

• Demonstrated ability to assess and weigh current and evolving security threats in an operational environment

• Knowledge of DHS Information Security Policy Directives and Handbooks

• Experience with Azure

Required possession of one or more professional security certifications, including but not limited to:

• Certified Information System Security Professional (CISSP)

• Certified Information Systems Auditor (CISA)

• Certified Ethical Hacker (CEH)

Preferred Skills

• Demonstrated ability to rely on extensive experience and judgment to plan and accomplish…