Senior Manager Information Security
- Full Time
The Senior Security Engineer/Information Security Senior Manager leads the design, development, implementation, compliance and maintenance of IT Security policies, procedures, tactical and strategic measures/mechanisms to protect the confidentiality, integrity, and availability of information for the Department. He/She manages the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.

The Senior Security Engineer/Information Security Senior Manager is responsible for the day-to-day security coordination and operations across the Federal Customer’s IT enterprise. Demonstrates knowledge and experience in all facets of enterprise Security Management including but not limited to: Enterprise Risk Management, Vulnerability Management, Information Management, Information Systems Security Oversight, Cyber Security, Security Education and Awareness, Continuous Monitoring and Reporting, and other traditional security operations center activities.

- Performs threat monitoring and analysis, incident response, vulnerability management, risk management, continuous monitoring and reporting and other traditional security operations center activities.
- Provides detailed analysis services related to digital analysis, Cyber Intelligence, Cyber actions addressing insider threat, and threat research to identify potential threats and associated risks to the various enterprise components.
- Interfaces with clients, service providers and other vendors in the IT ecosystem to understand their security needs and oversees the development and implementation of procedures to accommodate them.
- Identifies, performs, and tracks vulnerability remediation and mitigation activities through the Federal Department’s Plan of Action and Milestones process (POA&M).
- Develops and engages in periodic evaluations of systems to ensure that appropriate security controls and access levels are in place and maintained.

Works hand-in-hand with the Federal Customer’s CISO and the Program Manager on risk identification/mitigation as well as CSI initiatives/activities. This role requires the development, documentation, and maintenance of repeatable processes/procedures to determine, measure, and report to management an accurate view of significant, current, and near-future enterprise security related risks.

Other duties include:

1. Supervises assigned staff.
2. Recognizes potential, successful, and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
3. Performs preliminary forensic evaluations of internal systems.
4. Ensures that the user community understands and adheres to necessary procedures to maintain security.
5. Maintains current knowledge of relevant technology as assigned.
6. Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation.
7. Maintains current knowledge of relevant technology as assigned.
8. Participates in special projects as required.

Education

1. Bachelor's Degree in Computer Science or a related engineering discipline.
2. Certified Information Security Manager (CISM) or CISSP certification required.

Qualifications
- 12 – 15 years of experience.
- Must have an active Top Secret Clearance.
- Experience supporting a Federal Agency CISO or Federal Security Manager.
- Expert knowledge and application of Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) standards.
- Significant experience with Enterprise Risk Management with hands-on experience coordinating risk mitigation/POA&M with systems, network/security operations teams.
- Significant hands-on experience establishing, monitoring and managing a 24x7x365 Security Operations Center (SOC).
- Experience leading a security team to carry out remediation efforts on affected systems; initiated measures to proactively defend against cyber-attacks targeting the Federal Agency; and addressed policy violations, disclosure of sensitive information, and classified information spillage.
- Knowledge of and experience with SSL/IPSec VPNs, IPS, DLP, Application Security, Load Balancing, Traffic Shaping, Wireless, Web Content Filtering.
- Knowledge and significant hands-on experience installing, supporting and managing firewalls for a Federal Agency.
- Significant hands-on experience installing and configuring Checkpoint Firewall-1 on various Platforms.
- Experience leading and managing a team of security engineers and SMEs.
- Understanding of and experience supporting McAfee and Symantec security tools/products in a Federal IT environment.
- Strong working knowledge and significant hands-on experience with Patch Management.
- Experience performing Network security and Vulnerability assessments for Federal clients.
- Strong background installing, troubleshooting, repairing and documenting problems with Windows 2003/2000/NT, Active Directory, DNS, TCP/IP, DHCP, DFS and Microsoft Exchange.
- Experience installing and supporting Red Hat Linux Servers.
- Experience developing Local and Global Security Policies for Compliance.
- Successful installation, configuration and maintenance of Intrusion Detection Devices within a Federal IT enterprise.
- Experience establishing, maintaining, and executing standard configuration management processes for cybersecurity software and hardware.
- Knowledge of and ability to provide Information Security and Information Assurance solutions centered around hybrid cloud and other services such as ServiceNow.