Security Lead

Job Locations

US-VA-Sterling

Job ID

2020-1962

# of Openings

1

Overview

This position plans, implements, upgrades, or monitors security measures for the protection of computer networks and information for Federal clients. Ensures appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. Respond to computer security breaches and viruses.

REI Systems has delivered innovative solutions that empower people and impact millions of lives since 1989. Our 500+ problem-solving technologists and consultants are passionate about modernizing the government to fulfill their missions more effectively. Our customers include Government Operations, Homeland Security, Health, Science, Financial Services, and State, Local, and Nonprofits. We take a Mindful Modernization approach in providing Application Modernization, Data Analytics, Grants Management, Small Business Innovation Research Programs, and Advisory Services. Delivering domain experts, management consultants, and best-fit technologies through agile execution, along with a commitment to customer service is the REI Way.

\\"REI Systems is an Equal Opportunity Employer'

Responsibilities

Specific duties include:
Develop and deliver an IT Security Plans.
- Provide the most recent Web Application and Operating System vulnerability scan reports.
- Provide POA&M updates in accordance with requirements and the schedule set forth in the GSA CIO IT Security Procedural Guide.
- Review and update the System Security Plan annually.
- Provide an annual update to the contingency plan completed in accordance with NIST 800-34.
- Provide the results of the annual review and validation of system users' accounts to ensure the continued need for system access.
- Develop and furnish a separation of duties matrix reflecting proper segregation of duties for IT system maintenance, management, and development processes.
- Provide the results of security awareness (AT-2) and role-based information security technical training (AT-3).
- Deliver the results of the annual FISMA self-assessment conducted per GSA IT Security Procedural Guide.
- Provide a well-defined, documented, and up-to-date specification to which the information system is built.
- Establish and document mandatory configuration settings for information technology products.
- Provide an annual update to the Configuration Management Plan for the information system.
- Provide a contingency plan test report completed in accordance with GSA IT Security Procedural Guide.
- Provide an incident response plan test report.
- Provide Interconnection Security Agreements (ISA) and supporting Memoranda of Agreement/Understanding (MOA/U), completed in accordance with NIST 800-47.
- Define and establish Rules of Behavior for information system users.
- Support independent penetration tests.
- Develop and maintain current the following policies and procedures:
- Access Control Policy and Procedures (NIST 800-53 AC-1)
- Security Awareness and Training Policy and Procedures (NIST 800-53 AT-1)
- Audit and Accountability Policy and Procedures (NIST 800-53 AU-1)
- Identification and Authentication Policy and Procedures (NIST 800-53 IA-1)
- Incident Response Policy and Procedures (NIST 800-53 IR-1, reporting timeframes are documented in GSA IT Security Procedural Guide 01-02, 'Incident Response'
- System Maintenance Policy and Procedures (NIST 800-53 MA-1)
- Media Protection Policy and Procedures (NIST 800-53 MP-1)
- Physical and Environmental Policy and Procedures (NIST 800-53 PE-1)
- Personnel Security Policy and Procedures (NIST 800-53 PS-1)
- System and Information Integrity Policy and Procedures (NIST 800-53 SI-1)
- System and Communication Protection Policy and Procedures (NIST 800-53 SC-1)
- Key Management Policy (NIST 800-53 SC-12)

Qualifications

- Possesses and applies a comprehensive knowledge across key tasks described above.
- Ability to plan and lead information security assignments.
- Evaluates results and recommends changes affecting project security and success.
- Functions as a information security technical expert across project tasks.
- At least 7+ years related work experience.
- CAP or CISSP or GSEC or GICSP or CCSP

.