---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------
JOB DESCRIPTION
---------------------------------------------------
Position: Information Assurance Engineer
Location: Arlington, Virginia, United States
Type: Permanent F/T
Closing Date: 2008-05-19
ISSO (355)
Applicants selected will be subject to a government security investigation and
must meet eligibility requirements for access to classified information. Top
Secret clearance required with the ability to get SCI access.
This person would be responsible for providing ISSO support to include:
• Incident response
• Certification and accreditation
• Security accounts management
• Audit review using ArcSight Manager
• Providing security guidance and expertise
• Performing/reviewing periodic self-assessments
• Performing all security related activities throughout a system’s
lifecycle.
• Ensures systems are operated, maintained, and disposed of in accordance
with security policies and practices outlined in the approved accreditation
package.
• Ensures that all users have the requisite security clearances,
authorization and need-to-know, and are aware of their security
responsibilities before granting access to the IS and administers/witnesses
signed user agreements (also known as User Briefing and Acknowledgement
Statements, See Appendix C, Exhibit 12).
• Reports all security-related incidents to the ISSM.
• Initiates, with the approval of the ISSM, protective and corrective
measures when a security incident or vulnerability is discovered. Monitors
system recovery processes and ensures the proper restoration of the IS security
features.
• Develops all required C&A documentation (as described in Chapter 3 and
Appendix C) and maintains the SSP.
• Conducts periodic reviews (self assessments), on at least an annual
basis, to ensure compliance with the SSP.
• Ensures configuration management (CM) for security-relevant IS software,
hardware, and firmware is maintained and documented. If a CM board exists, the
ISSO may be a member of the CM board, if so designated by the ISSM.
• Facilitates SCO activities throughout the C&A process.
• Oversees system recovery procedures.
• Disseminates controls and manages the issuance of user identifications
and passwords for assigned systems and provides authorized list(s) to
appropriate system administrators for implementation.
• Ensures that system security requirements are addressed during all
phases of the system lifecycle.
• Establishes audit trails and ensures their review, and makes them
available, when required, to the ISSM. Retains audit logs in accordance with
FBI policy.
• Ensures awareness and precautionary measures to prevent introduction
and/or proliferation of malicious code.
• Manages review and release of media and/or memory components.
JOB REQUIREMENTS
---------------------------------------------------
A working knowledge of system functions, security policies, technical security
safeguards, and operational security measures. Must possess a C&A background.
Working with NIST standards is a plus. Must possess a minimum of 5 years of
related security experience. CISSP or similar certification is a plus.
CONTACT
---------------------------------------------------
To submit your application, please send your resume to
andrea.rodway@knowledgecg.com
Knowledge Consulting Group
Andrea Rodway
Sr. Recruiter
andrea.rodway@knowledgecg.com
---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.
http://www.securityfocus.com/jobs
