CSRA is seeking a Senior Security Lead.
Help support the Government Accountability Office in its mission to save all US taxpayers money. Our customer is passionate about their mission and we are tasked with keeping their IT services running smoothly, to help them achieve their goals. The auditors in this 4000 user community are subject area experts in all facets of government and industry best practices. We take great pride in supporting their wide scope of technology needs.
Responsibilities: Manages resources, including personnel, shift scheduling, and technology strategy, to meet service area metrics; communicates with management; serves as the organizational point person for business-critical incidents; provides overall direction for the SOC and input to the overall security strategy.
The SOC typically will leverage internal and external resources in response to and recovery from an incident. It is important to recognize that a SOC may not always deploy countermeasures at the first sign of an intrusion. There are three reasons for this:
1. The SOC wants to be sure that it is not blocking benign activity.
2. A response action could impact a constituency's mission services more than the incident itself.
3. Understanding the extent and severity of the intrusion by watching the adversary is sometimes more effective than performing static forensic analysis on compromised systems once the adversary is no longer present.
To determine the nature of the attack, the SOC often must perform advanced forensic analysis on artifacts such as hard drive images or full-session packet capture (PCAP), or reverse engineering of malware samples collected in support of an incident. Sometimes, forensic evidence must be collected and analyzed in a legally sound manner. In such cases, the SOC must observe greater rigor and repeatability in its procedures than would otherwise be necessary: every artifact is hashed at acquisition, the acquisition is logged with who collected it and when, and the hash is re-verified before analysis or handover so that any later modification is detectable.
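The following Python script is an added example of the kind of chain-of-custody record that gives forensic evidence handling the rigor and repeatability described above; it is not part of this posting or of any GAO or CSRA procedure. It hashes an artifact (disk image, PCAP, memory dump) in chunks, appends a JSON-lines custody entry, and later re-verifies the artifact against the hash recorded at acquisition. The case ID, examiner name, and sample capture file are constructed for illustration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so multi-gigabyte images and PCAPs never need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def record_acquisition(artifact, custody_log, examiner, case_id, note=""):
    """Append one chain-of-custody entry (one JSON object per line) for a newly acquired artifact.

    The entry is written once and never edited; later verifications compare against it.
    """
    artifact = Path(artifact)
    entry = {
        "case_id": case_id,
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "artifact": artifact.name,
        "size_bytes": artifact.stat().st_size,
        "sha256": sha256_file(artifact),
        "note": note,
    }
    with open(custody_log, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def verify_artifact(artifact, custody_log):
    """Recompute the artifact's hash and compare it with the hash recorded at acquisition.

    Returns (matches, recorded_hash, current_hash). matches is None when the log holds no
    entry for the artifact: an artifact with no custody record cannot be verified at all.
    The earliest entry is authoritative, since it is the hash taken at acquisition time.
    """
    artifact = Path(artifact)
    recorded = None
    with open(custody_log, encoding="utf-8") as f:
        for line in f:
            entry = json.loads(line)
            if entry["artifact"] == artifact.name:
                recorded = entry["sha256"]
                break
    if recorded is None:
        return None, None, None
    current = sha256_file(artifact)
    return current == recorded, recorded, current


def demo():
    """Run the acquire/verify/tamper/verify cycle against a constructed sample in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        # Constructed sample: pcap magic number plus padding, not a real capture.
        artifact = tmp / "host-42-session.pcap"
        artifact.write_bytes(b"\xd4\xc3\xb2\xa1" + b"\x00" * 4096)
        log = tmp / "custody.jsonl"

        entry = record_acquisition(artifact, log, examiner="analyst1",  # hypothetical examiner
                                   case_id="IR-0001",                   # hypothetical case ID
                                   note="full-session capture from perimeter sensor")
        before = verify_artifact(artifact, log)
        # Simulate post-acquisition modification, e.g. a tool re-saving the file in place.
        with open(artifact, "ab") as f:
            f.write(b"\x00")
        after = verify_artifact(artifact, log)
        return {"recorded": entry["sha256"], "before": before[0], "after": after[0]}


if __name__ == "__main__":
    print(demo())
```

The verification step is what makes the procedure repeatable: anyone with the custody log and the artifact can reproduce the check, and a single appended byte (as in the demo) is enough to flip the result to a mismatch. In practice the custody log itself would be kept on write-once or access-controlled storage so that the recorded hash cannot be silently replaced alongside the artifact.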
- Identifies significant actual and potential cyber security problems, trends, and weaknesses and recommends specific modifications and solutions to reduce information systems security risks.
- Provides architectural design and coordinates the implementation of security solutions to integrate into existing network environment. Establishes requirements and makes recommendations on the appropriate infrastructure protection tools, methods, and technologies.
- Develops strategies for responding to future security challenges. Demonstrates effectiveness of the program for implementation on an organization-wide basis.
- Reviews established policies, writes policy guidance and standards, and presents them to management for endorsement. Establishes technical or procedural enforcement of pertinent policies within the organization. Facilitates organization-wide communications and institutes measures to ensure information security awareness and compliance.
- Reviews proposed new systems, networks, and software designs for potential security risks, and resolves integration security issues across disciplines. Defines the scope and level of detail for applicable security plans and policies.
- Implements and interprets the requirements of GAO, FISMA, OMB, NIST, and other federal government policies, mandates and standards. Develops the project plan for the implementation, identifies major milestones and activities, and coordinates development and implementation.
- Acts as a key member of the Incident Response Team, and may be called upon to represent ISSG in the investigation of serious information systems security violations that potentially impact the integrity of GAO's infrastructure. Recommends action for containment and remediation based on findings, and follows up to ensure the implementation of corrective actions.
- Leads the SOC, and manages and participates in SOC daily operations. Activities include but are not limited to network operations support, end-user support, troubleshooting, incident handling, and regular security metrics and contractual performance reporting.
- The candidate should be capable of investigating and rapidly responding to security incidents, and should have the skills necessary to acquire, analyze, and interpret packet captures and logs to accomplish rapid and accurate incident response.
- 3-6 years of experience as a UNIX or Windows system administrator, and additional experience as a system security administrator in a heterogeneous system/network environment.
- Extensive knowledge and current hands-on experience in the following areas:
- Project management skills: Ability to develop plans and projects for information security systems that anticipate, identify, eliminate, and prevent information system vulnerabilities; to develop a security incident response policy; and to lead the implementation of an intrusion detection and prevention program designed to anticipate and eliminate system vulnerabilities.
- Network Security Monitoring and Protection: Mastery of information systems security principles, concepts, and methods. Ability to identify threats and risks and to design and implement security controls. Hands-on experience configuring and deploying network-, application-, and host-based firewalls, IDS/IPS, NetFlow analyzers, web proxies, VPNs, centralized log systems, etc. (Preferably Cisco ASA, FortiGate, Sourcefire, FireEye MSO/MIR/WMPS/EMPS, LogRhythm, Symantec, Websense, Splunk, etc.)
- Incident Handling: Intimate knowledge of security incident lifecycle, process, coordination, communication, and reporting.
- System and Application Vulnerability Management: Intimate knowledge of SCAP-compliant vulnerability management systems and web application security analysis tools. (Preferably Tenable SecurityCenter, Nessus, McAfee MVM, etc.)
- Networking: In-depth knowledge of network protocols, routing, VLANs, and switching, and the ability to use packet sniffers and analyze packet traces. (Preferred: Cisco routers and switches, Wireshark, Ethereal)
- Operating Systems: Extensive hands-on experience configuring, securing, monitoring, and troubleshooting client- and server-class operating systems. Practical knowledge of computer forensics methods and procedures. (Preferred: Windows 7/2008/2012, Linux (RHEL/CentOS 6/7))
- Virtualization Technologies and Security: Broad knowledge of VMware and Citrix and their use in server virtualization and VDI. Ability to design, plan, implement, and operate security solutions that provide monitoring and protection of virtual environments. Examples include but are not limited to HyTrust, Catbird, Gigamon, and Symantec.
- Policy and Compliance: Familiarity with Federal Government policies and regulations. Knowledge of security control assessment (SCA) requirements and processes to certify systems or acquire network authorization, as well as Authorization to Operate (ATO).
- Preferred Certifications: Network- and system-related certifications highly desired.