ISSO-Security Engineering and Architecture
Job Title: ISSO-Security Engineering and Architecture
Job ID: 170292
Location: DC - Jackson Graham Bldg - 8th Fl
Full/Part Time: Full-Time
Posting Open-Close 06/02/2017
Regular/Temporary: Regular
Job Description
All WMATA posted job openings are available through 11:59 pm the night before the noted Close Date. To ensure successful submission of an application, applicants are encouraged to apply well before this cut-off. The noted Close Date is the date on which the posting is automatically removed from the website as of 12:00 am, at which time submission of an application is no longer possible. (WMATA reserves the right to remove postings at any time without notice as business needs demand.)
ISSO – Security Engineering and Architecture marketing statement
- Proven experience designing and implementing security architecture
- Experience with implementing defense-in-depth methodology for all new systems & services: defining the "depth" metric required for given systems to meet requirement
- Identifying and remediating "weakest links" in existing systems/services, e.g. EOL/EOS hardware and software; developing methodology to measure as a function of level of vulnerability
- Assessing presently managed systems for any single points of failure and designing a redundant solution
- Assessing risk levels of network components to ensure risk threshold is surpassed - development of risk threshold metric
- Assess viability of cloud based services (e.g. AWS, Azure) impact on existing security implementation
- Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, load balancing, etc.
- Work independently. Developing security solutions in a complex network environment
- Thorough understanding of the latest security principles, techniques, and protocols
- Understanding of the OSI model and well-known ports and services
- Understanding of PCI-DSS, ISO27001, NIST, CIS and information security requirements
- Ability to multi-task in fast paced environment and automate operational tasks
- Tool Knowledge: Working knowledge of Juniper, Palo Alto, Cisco appliances, F5 Load Balancers, Security Devices
- CISSP certification is preferred, Project Management or Supervisory or lead experience is highly desired
- Knowledge of firewalls, IPS & IDS, and ability to manage, configure and build out infrastructure
Extensive and progressively more responsible and diversified experience and expertise with information security engineering, operations, or management.
Graduation from an accredited college or university with a Bachelor’s Degree in Computer Science, Engineering, or Mathematics and five (5) years experience in progressively responsible and diversified executive level information systems, information security, data processing management and technical experience in a large organization including extensive experience in the development of major IT policies and related supervisory experience.
Or, an equivalent combination of post-high school education, and at least eleven (11) years of experience in progressively responsible and diversified executive level information systems, data processing management and technical experience in a large organization including extensive experience in the development of major IT policies and related supervisory experience.
Satisfactorily complete the medical examination for this position, if required. The incumbent must be able to perform the essential functions of this position either with or without reasonable accommodations.
The ISSO will manage the confidentiality, integrity, and availability of Metro's information and resources. The ISSO will have broad knowledge of security policies, procedures and best practices, along with hands-on experience designing, implementing and supporting security products and technologies.
The incumbent of this position is responsible for tactical direction of security policy and systems development, implementation, and technical oversight of the Metro IT Security Program as directed by the Chief, IT Security. Under the direction and supervision of Deputy Chief, IT Security, the ISSO will:
Generate, review, and submit system security plans for relevant systems, implement security policy throughout the system’s life cycle, and provide technical engineering services for the support of integrated security systems and solutions.
Plan and develop security measures to safeguard information and systems against accidental or unauthorized modification, destruction, or disclosure.
Identify deficiencies with information systems and recommend/implement design changes as appropriate.
Participate in investigations of suspected information security misuse or in compliance reviews as needed.
Communicate unresolved security exposures, misuse or non-compliance situations to management.
Ensures security-related documentation is created and updated in a timely manner and recommends installation, modification or replacement of any system component, hardware or software, and any configuration change that affects the confidentiality, integrity, and availability of The Authority’s systems.
Use extensive knowledge of the Metro's business/industry to identify technological developments and evaluate impacts on the client's business.
Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services.
Manage group(s) responsible for technical security which includes firewalls, content servers, multi-factor authentication, disk encryption, load balancers, intrusion detection prevention systems, anti-virus, certificate servers, desktop firewalls and vulnerability scanners.
Maintains and recommends to the Chief, IT Security methods to maintain strict confidentiality in respect to all WMATA records kept in any electronic or magnetic form, including those developed or maintained by the Board of Directors or WMATA with regard to labor relations and collective bargaining. Maintains strict confidentiality with respect to his or her access to "sensitive" information relating to the Authority's business including but not limited to collective bargaining.
The above duties and responsibilities are not intended to limit specific duties and responsibilities of any particular position. It is not intended to limit in any way the right of supervisors to assign, direct and control the work of employees under their supervision.
Consideration will be given to applicants whose resumes demonstrate the required education and experience. Applicants should include all relevant education and work experience.
Evaluation criteria may include one or more of the following:
- Personal Interview
- Skills Assessments
- Verification of education and experience
- Criminal Background Check
- Credit history report for positions with fiduciary responsibilities
- Successful completion of a medical examination including a drug and alcohol screening
- Review of a current Motor Vehicle Report
Washington Metropolitan Area Transit Authority, a Federal contractor, is an Equal Opportunity / Affirmative Action employer. All qualified applicants receive consideration for employment without regard to race, color, creed, religion, national origin, sex, gender, gender identity, age, sexual orientation, genetic information, physical or mental disability, or status as a protected veteran, or any other status protected by applicable federal law, except where a bona fide occupational qualification exists. Our hiring process is designed to be accessible and free from discrimination.
This posting is an announcement of a vacant position under recruitment. It is not intended to replace the official job description. Job Descriptions are available upon confirmation of an interview.