CISSP Jobs - Senior IT Security Subject Matter Expert, 11241

at Apex Systems
Location Suitland-Silver Hill, MD
Date Posted April 28, 2018
Category Default
Job Type Full-time

Description

*Apex Systems is looking for a Security SME. Must be clearable and posses a CISSP!*

Information Security SME

Suitland, MD

Apex Systems is looking for an Information Security SME Suitland, MD.  The Information Security SME is responsible for making recommendations for the implementation of security requirements based on laws and regulations in line with FISMA guidelines.  Successful candidates will have experience in the planning, creating, and testing of Information Security Systems and Networks.  This position will process you for a DoD Secret Clearance or can hold up to a Top Secret Clearance.  A CISSP is required for consideration for this position.

If you are interested in learning more about this opportunity, email your resume to [Click Here to Email Your Resumé] and indicate a good time to speak.

Responsibilities:

  • Recommend implementation of security requirements based on laws, regulations or Presidential directives in compliance with Federal Information Security Management Act (FISMA) Cyber-security initiatives
  • Review proposed new systems, networks, and software for potential security risks
  • Advise Program Management Office (PMO) personnel on the applicable security tasks based on the Program’s System Development Life Cycle (SDLC) phase
  • Review security related product selection and implementation activities
  • Participate and provide security SME guidance in Vendors Source Selection process
  • Define the scope and level of detail for security plans applicable to the system
  • Identify need for changes based on new security technology and evolving threats
  • Review security incident response policy, manage security incident procedures
  • Responsible for planning and coordination of A&A activities for the Program/System

Technical Qualifications:

  • Extensive experience in enterprise security program development and implementation, enterprise security SOP & policy creation, designing and delivering employee security awareness training, and managing security staff.
  • Ability to evaluate risks to the company and articulate issues, develop consensus, raise awareness, and provide and implement solutions.
  • Have experience with the System Development Life Cycle (SDLC) and the activities associated within each phase primarily planning, creation, and design
  • Have experience with analyzing vulnerabilities and providing guidance on secure IT implementation of various
    • Operating systems (e.g. Windows, Unix, Linux, and Mac)
    • Applications (e.g. Oracle, SQL Server, Apache, IIS)
    • Network devices (e.g. switches, routers, firewalls)
  • Experience conducting cybersecurity audits of Federal Systems to ensure appropriate implementation and security compliance
  • Performing and providing vulnerability assessment results and recommendations
  • Assessing known systems vulnerabilities and verifying system hardening and patching activities to ensure compliance with applicable Security Requirements and related checklists
  • Working knowledge of cyber security toolsets
  • Experience with network and system security administration, including operating system security configuration and account management best practices for Operating Systems
  • Understanding of Systems Engineering requirements, specifications, and demonstrated experience implementing Federal A&A processes, assessing and validating compliance with security controls and developing and maintaining associated documentation.
  • Have detailed knowledge of the latest versions of the National Institute of Standards and Technology (NIST) Special Publications (SP) 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, 800-60, etc.
  • Have experience with identification, documentation, and testing of security controls for information technology systems in accordance with the above NIST guidance
  • Have experience with identification of security risks (threat/likelihood/impact) to the system, networks, and organization and documenting risks for management review

Requirements:

  • CISSP Certification required
    Must be a US citizen eligible to obtain a DoD Secret clearance and a High Risk Public Trust clearance
  • Ability to interface with customers of various levels, to include but not be limited to Program Management Office (PMO), Authorizing Officials, Information System Owners, Independent Security Assessment Team and Technical system personnel
  • Excellent verbal/written communication skills
  • Excellent interpersonal skills
  • Able to work in a team environment
  • BS or equivalent + 10+ years related experience, or MS + 7+ years related experience