Senior Security Assessment & Authorization Engineer - Military Veterans Wanted
2019-02-13 ManTech (www.mantech.com)
Entering ManTech’s 50th year, we hold the distinct honor of being named a “Top 100 Global Technology Company” by Thomson Reuters. We have earned this and many other accolades over the years for our dedication to serving the missions of our nation’s most important customers: U.S. Intelligence, Defense and Federal Civilian agencies. All know us as a trusted partner offering best-in-class solutions in cyber, data collection & analytics, enterprise IT, and systems and software engineering tailored to meet their specific requirements.
Become an integral part of a diverse team in the Mission, Cyber and Intelligence Solutions (MCIS) Group. Currently, ManTech is seeking a motivated, mission oriented Information Security Assessor and Authorization, in the Washington, DC, with strong Customer relationships. At ManTech, you will help protect our national security while working on innovative projects that offer opportunities for advancement.
The FSS Division provides cyber solutions to a wide range of Defense and Intelligence Community customers. This division consists of a team of technical leaders that deliver advanced technical solutions to government organizations. Our customers have high standards, are technically adept, and use our products daily to support their mission of protecting national security. Our contributions to our customer’s success is driving our growth.
The Information Security Assessor will be a key team member of a security assessment team that will conduct monthly on-site IT security assessments for a federal government client.
Conducting interviews with key client stakeholders to evaluate the current information security practices.
Evaluate management, operational, and technical security policies and procedures.
Reviewing security policy and procedural documentation.
Reviewing network architecture diagrams and evaluating network access controls.
Reviewing system configuration data to identify security weaknesses.
Developing recommendations for security issues and vulnerabilities identified during assessments.
Communicating results to clients ranging from technical staff to executive management.
Proficient in using various network/vulnerability scanning tools (e.g. Nessus, NMAP). Candidate should not only be able to run scans but also interpret scan results and make appropriate recommendations.
Provide ongoing subject matter expert support for clients.
Conduct approximately 12-18 assessments each year across the United States.
25% travel involved.
Must possess 8 years’ experience and IT Security standards and must involve broad range of security technologies to include wide area networks, host and network IDS, virtual private networks, remote access, Web Application Firewalls and Static Code Analysis.
Must possess 6 years of experience performing security assessments and compliance assessments with NIST, PCI DSS, ISO 27001/27002, or other security control frameworks.
Experience must include analyzing security controls and developing solutions to security problems.
Must have experience analyzing configuration files of firewalls, routers and switches.
Must possess one of the following certifications: CAP, Security+, Network+, CEH, CCNA, CISM, GSEC, OSCP, CCSP, CSA+, GSNA, ISSA, ISSM etc.
Must possess CISSP or CEH or willing to obtain within 6 months of hire.
Expertise with Nessus or similar scanning tool (Wireshark, NMAP, Metasploit, AppScan,Burp, Nessus, Nexpose, Nikto, Retina, WebInspect, Nipper, etc).
Technical Background (Server Administration, Networking or other technical discipline)
Experience conducting interviews with client teams ranging from technical IT staff to senior executives.
Experience performing assessments of information security policies and procedures.
Experience evaluating the following IT security disciplines: continuity planning, contingency planning, disaster recovery planning, incident response, personnel security, access management, security awareness training.
Strong verbal and written communication skills are highly preferred.
Candidates may be asked to provide a writing sample.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable.