Home > Northern Virginia jobs > Northern Virginia computer/technical

Posted: Saturday, November 4, 2017 4:49 AM

Job Description: POSITION SUMMARY: Manages extensive security evaluations of major information systems and networks and the remediation of security control weaknesses, prepares evaluation reports, presents recommendations. Conducts trade off analyses of products for clients to determine optimal informant security solutions. Maintains a high level of familiarity with the major Federal Government Information Security policy guidances and directives. Works independently in an expert role at customer site or provides team leadership to a group of information security professionals. RESPONSIBILTIES: The Customer maintains on:going awareness of Enterprise and Mission information systems, vulnerabilities, and threats to enhance mitigation solutions and risk decisions. This position will at times support activities in order to target, assess, exploit and report risks and vulnerabilities of organization systems in order to provide senior decision makers with actionable data to make strategic investment decisions. The engineer coordinates planning, scheduling, and testing of projects in the Certification and Accreditation (C and A) / Authorization and Accreditation (A and A) process. The engineer will produce actionable correspondence to provide insight for further analysis and response within the SponsorA?s division and to external customers. The duties include examining the customer information systems to determine if vulnerabilities exist and, if they are found, what mitigating strategies can be applied. The end goal is to ensure the integrity of the information systems by identifying and mitigating potential avenues of exploitation, including system level attacks and user level attacks. Roles and RESPONSIBILITIES include but are not limited to: A: Conduct hands:on security testing, analyze test results, document risk, and recommend countermeasures. Provide targeting insight to team members based upon active vulnerability assessments. A: Provide documentation to Client which describes all identified system risks, planned test procedures taken and test results A: Provide enhancement capabilities and SOPs to assessment operations for execution and implementation A: Review and make recommendations on program:level documentation (e.g., requirements specification, system architecture, design documents, test plans and security plans) A: Develop and document security evaluation test plan and procedures A: Assist in researching, evaluating and developing relevant Information Security policies and guidance A: Actively participate in or lead technical exchange meetings and application review boards, documenting actions items/results of these events A: Brief management, as needed, on the status of action items and/or results of activities A: Coordinate with other program elements conducting security testing A: Identify mitigating countermeasures to identified threats, vulnerabilities and shortfalls A: Identify needs for testing equipment and gaps in testing capabilities; conduct research on and evaluation of automated testing tools and provide summaries and reports to Client on the tool capabilities, in support of potential procurement by the Customer A: Develop, assemble, and submit C and A/A and A testing results reports that document testing activity and results to support the creation of risk assessments and approval packages A: Work with stakeholders as well as technical and analytical counterparts to define constraints, and develop requirements and concept of operations documentation. A: Work with stakeholders to identify best:fit technical solutions for business unit needs. Identify technical risks and develop mitigation strategies. A: Provide assistance to project or program teams. Provide conceptual design, prototype, and test cycles appropriate to a chosen technical solution. A: Identify and manage dependencies with other systems and elements of the IT infrastructure. A: Evaluate industry offering to identify products and technologies


• Location: Northern Virginia

• Post ID: 40502917 nova is an interactive computer service that enables access by multiple users and should not be treated as the publisher or speaker of any information provided by another information content provider. © 2017