WiredPeople seeks qualified applicants for an open IT Security Specialist position located in Bethesda, Maryland.
The IT Security Specialist is a hybrid position that will be focused on continuous monitoring implementation and security program support in the areas of A&A, risk management, policy implementation, and security integration in the SDLC. This position will support the Information Systems Security Officer (ISSO) and will facilitate FISMA compliance for NIH General Medical Sciences (NIGMS) systems. The IT Security Specialist must possess experience utilizing the Tenable Security Center and Nessus to develop, configure and/or execute scan policies, develop and configure Nessus reports and dashboards, and support the SA&A team with technical testing. Compliance services ensure that the ISSOs have the necessary information throughout the lifecycle of each system.
The candidate shall demonstrate competency in the NIST Special Publications, OMB guidance, and FISMA as they relate to security, and experience in implementing continuous monitoring tools such as Nessus, Burp, BigFix, and Tivoli. Services include the following:
- Configure and implement security tools to support continuous monitoring, including web application scans using Burp Suite; develop, configure, and execute network scan policies using Nessus; and configure and implement BigFix, ArcSight, and Tivoli to support continuous monitoring activities.
- Extract data from continuous monitoring tools to support dashboard analytics. Must be able to demonstrate proficiency in developing dashboards and reports with Nessus.
- Perform security control testing to support SA&A activities.
- Support the development of configuration management plans, contingency plans, and disaster recovery plans.
- Support Incident Response planning and implementation.
- Support the development of security policy and procedures necessary to implement the requirements of the NIGMS IT Security Program.
- Review National Institute of Standards and Technology (NIST) publications applicable to FISMA and other directives for applicability to the NIGMS IT Security Program.
- 3-5 years of IT security experience.
- Experience in implementing continuous monitoring technologies.
- Experience in performing continuous monitoring activities using Nessus vulnerability assessment scans.
- Experience with extracting data from continuous monitoring tools to support dashboard analytics. Must be able to demonstrate proficiency in developing dashboards and reports with Nessus.
- Experience evaluating the security controls of complex IT networks and systems connected to those networks.
- Experience in conducting system assessments and authorizations (formerly known as C&A), including experience in determining SA&A boundaries.
- Comprehensive understanding of the federal IT system development life cycle and how security is to be integrated into the process.
- Sound understanding and experience regarding relevant federal (e.g., FISMA, Privacy Act, HIPAA, NIST, OMB, and FIPS) information technology security regulations, standards, policies, and procedures.
- Experience in researching new or emerging technologies and processes that may be incorporated as solutions to reoccurring security concerns.
- Experience in reviewing IT security policies for compliance, making recommendations if needed.
- Technical background with a variety of computer hardware, software, and communication systems including system integration, network architectures, and physical logical communication systems/devices.
- Must possess skills in developing, configuring, and executing Nessus scan policies. Must also have skills in creating Nessus reports and dashboards.
- Must have skills using continuous monitoring technologies.
- Must have exceptional written and oral communication skills.
Education, Certification, and Clearance Requirements:
- Bachelor's degree in a computer related or security field.
- Must possess Public Trust security clearance.
- Security Certification (i.e., CISSP, CISA) is a plus.