• Lead Security Operations Specialist

    Posted Date: 1 month ago (12/24/2018 10:47 AM)
    Job ID: 2018-3264
    # of Openings: 1
    Job Location(s): US-MD-Bethesda
    Category: Information Technology
  • Overview

    Medical Science & Computing (MSC) is an exciting, growth-oriented company dedicated to providing mission-critical scientific and technical services to the Federal Government. We have a distinguished history of supporting the National Institutes of Health (NIH) and other government agencies. MSC offers a dynamic and upbeat work environment, excellent benefits and career growth opportunities.

     

    We attract the best people in the business with our competitive benefits package that includes medical, dental and vision coverage, 401k plan with employer contribution, paid holidays, vacation, Medical and Flexible Spending Accounts, Pre-Tax Transit Assistance and tuition reimbursement. If you enjoy being a part of a high performing, professional service and technology focused organization, please apply today!

     

    Duties & Responsibilities

    Medical Science & Computing is searching for a Lead Security Operations Specialist to provide and manage the activities involved in creating and maintaining security devices and infrastructure for systems at the National Institutes of Health (NIH) to include providing Security Operations Technical Support and Security Assessment and Authorization Support, and Information Security Governance and Risk Management.

    • Provide expertise with the management and administration of mechanisms by which a system grants or revokes the right to access data or perform an action on an information system.
    • Define the users, services, and resources that will provide accountability for operational access control mechanisms and collections.
    • Enforce all regulations, policies, standards, guidelines, and processes and procedures of access control.
    • Provide expertise and ability to demonstrate an understanding of Internet/Intranet/Extranet in relation to network security devices such as firewalls, network access controls, and intrusion prevention systems.
    • Monitor systems using network analysis to identify ever-evolving network attack mechanisms. This shall include both internal and external threats.
    • Display complete understanding of the Systems development life cycle (SDLC) that includes the models, methods, life cycle phases, and management of the development process.
    • Ensure the effectiveness of application security, with expertise in the controls that are included with systems and application programs such as agents, applets, databases, data warehouses, and knowledge-based systems.
    • Display a full understanding of the security and controls of the system development process, system life cycle, application controls, change controls, data warehousing, data mining, knowledge-based systems, program interfaces, and concepts used to ensure data and application integrity, security, and availability.
    • Identify critical information systems and execute controlled measures that eliminate or reduce adversary exploitation of all systems.
    • Provide expertise in the incident response process, procedures and standard response measures through communication, documentation and execution.
    • Ensure that implemented controls minimize the risk to tangible and intangible assets through patch and vulnerability management.
    • Display the ability to conduct ongoing monitoring of the security of an organization’s information, applications, networks, and systems, and respond to risk by categorizing the response by accepting, avoiding/rejecting, transferring/sharing, or mitigating risk as situations change.
    • Provide the competencies to determine if the current set of selected security controls implemented within information systems or inherited by the systems will continue to be effective over
    • Provide the ability to develop measurements and metrics that provide meaningful indications of the security status from a top tier down approach.
    • Assist the Federal Leads to set priorities and manage risk within organizational risk tolerance levels.
    • Display knowledge of the elements involved in choosing a secure site, its design and configuration, and the methods for securing the facility against unauthorized access, theft of equipment and information, and the environmental and safety measures needed to protect people, the facility, and its resources.
    • Provide professional knowledge of the core physical security controls, which include directive, preventive, deterrent, detective, corrective, and recovery controls.

     

    Review and provide analysis to ISSO on FISMA requirements for

     

    Review SA&A documentation with a goal of preparation and successful mediation of an IG audit  

    • Review and maintain current knowledge of FISMA, NIST, HHS, and NIH policy/guidelines/directives related to security and risk management and inform the ISSO/CIO of pertinent changes and updates to documentation and templates.
    • Maintain GSS system inventory, and Security Program and any additional artifacts in NCAT.
    • Guide System Owners through the FISMA/NIST SA&A process.
    • Manage and monitor the progress of all SA&As and re-authorizations, including maintaining the SA&A Tracking Matrix.
    • Participate in SA&A, NCAT, SharePoint, MS Office, and security related sponsored training.
    • Participate in weekly SA&A meetings.
    • Review new systems for Privacy Impact Assessments (PIA) and enter them into NSAT. Obtain a new SORN for the PIA, if needed.
    • Conduct annual/periodic disaster recovery tabletop tests, application contingency tabletop tests, and critical processes testing, and update the Disaster Recovery Plan as necessary.
    • Review new systems and work with the ISSO/CIO to reassess their priorities in the DRP and correct as appropriate.
    • Work with the system owner and ISSO to determine the FIPS-199 categorization.
    • Review Risk Assessment results and research appropriate solutions.
    • Respond to questions and provide assistance to System Owners, ISSO, CIO.

    Requirements

    Qualifications:

    • Bachelor’s Degree in Computer Science, Information Systems, or other related business, scientific, or technical discipline
    • 10+ years managing enterprise infrastructure IT operations in a complex, research-based environment
    • 10+ years’ experience in Access control, Information Assurance, Network Security, Software Development, Security, Cryptography, Operations Security, Business Continuity and Disaster Recovery Planning, Physical Security, Information Security Continuous Monitoring, Security Assessment and Authorization, and Security Architecture and Design
    • 5 years’ experience in a management capacity
    • Advising ISSO and other Sr Government Staff
    • Strong ITSM background to include ITIL v3 Foundation certification and experience applying ITIL-based practices
    • Experience with hardware and software for networking; distributed computing; virtualization; large-scale, high-performance storage systems; databases; telephony; and cloud computing.
    • Understanding of and experience managing to FISMA requirements for Moderate and High data systems
    • Ability to adapt to rapidly changing requirements with a flexible and creative approach to brainstorming, troubleshooting, and problem solving.
    • Outstanding leadership, team building, and consensus building skills across diverse skill sets and stakeholder perspectives
    • Ability to think analytically and independently, providing the thought leadership necessary to introduce incremental and evolutionary change
    • Able to effectively and confidently communicate – in writing and presentations – complex topics and procedures with team members and all levels of customer stakeholders
    • Must meet all requirements for obtaining and maintaining a Public Trust Clearance

    Preferred Qualifications:

    • Experience in a scientific research and development environment with demonstrated ability to analyze problems and propose multiple alternative solutions
    • NIH or HHS experience
    • Experience managing to FISMA requirements for Moderate and High systems
    • Experience with cloud solutions such as Amazon Web Services (AWS) and Microsoft Azure
    • Traditional and/or agile project management experience
    • CND-IR Certification (CEH Preferred)
    • ITIL Intermediate Qualification(s) – especially Planning, Protection, and Optimization; Release, Control, and Validation; Operational Support and Analysis; Service Operations; Service Transition; and/or Continual Service Improvement

    Medical Science & Computing is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected Veteran status.
