Summary
Implement and monitor security processes relative to IT Policy, Procedure, and Compliance with respect to NISPOM and Department of Defense (DoD) Information Security requirements. Audit information system security plans and procedures to comply with DoD and separate service regulations, directives and procedures. Function as Information Technology Security Administrator, coordinate and oversee compliance of multiple IT Security and Audit requirements in coordination with Security, IT Management, Audit, and Compliance. Provide input and assistance as an IT team member.
Essential Duties and Responsibilities
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Gather and verify documentation surrounding each assessment type including, but not limited to Information Security, Cybersecurity, SOC reports, Business Continuity and Disaster Recovery, Regulatory Compliance and Operations, and related disciplines in alignment with established practices.
- Responsible for monitoring networks for security events and alerts to potential/active threats, intrusions, and/or indicators of compromise, analyzing trends to determine downstream impact, and partnering with applicable departments to ensure appropriate actions are taken to minimize risks.
- Support the Cyber Security team with protecting confidentiality and integrity of the organization’s information assets.
- Monitor security infrastructure and security alarm devices for Indicators of Compromise utilizing cyber security tools, under 24/7 operations.
- Assist in maintaining IT Security policies, procedures, and documentation.
- Perform comparisons between existing standards and practices and work instructions, correcting practice documents when needed.
- Responsible for recurring tasks on systems as assigned.
- Conduct scheduled inspections of systems/facilities that process classified information.
- Maintain and audit all logs and records associated with operation procedures.
- Audit security logs, reports, daily system audits, and authentication features to assure security-relevant actions are properly implemented and executed.
- Create security reporting as required by ongoing business needs and audit requirements.
- Identify new security platforms/tools to improve overall infrastructure security.
- Review current and upcoming security requirements/threats and create the necessary actions to mitigate any risks to the organization.
- Evaluate enterprise business system proposed changes, updates, or patches and advise IT Management, Change Management Board, and ISM of relevance.
- Provide security best practice guidance and expertise to project manager(s) and BSA to define requirements for applications, installations, and program architecture for information systems.
- Aid IT team members, BPO, and Security staff to ensure compliance with applicable IT Security policies, DoD/Service specific regulations and contractual security requirements.
- Perform as a member of the IT Incident Response Team for threats and security risks to the organization. This includes interfacing with the underlying teams/individuals to formulate and apply remediation action.
- Build and maintain cloud components specific to security, identity, and governance in multiple cloud providers.
- Develop and document cloud security best practices and security guidelines for cloud technologies.
Qualifications and Education Requirements
- Bachelor’s degree in related disciplines or equivalent experience.
- Understanding of computer security components (i.e., topology, switches, routers, firewalls, SIEM).
- Understanding of current information security threat analysis, identification, mitigation and investigation techniques.
- Must be eligible for a DoD Personnel Security Clearance and any special access requirements.
Preferred Skills
- At least one DoD 8570 Certification.
- Must be detail-oriented and able to work with minimal supervision, with strong analytical and problem-solving capabilities.
- Prior experience with IT Audit procedures and documentation.
- Experience with hardware/software platforms including Windows and Linux.
- Other professional certifications highly desirable.
Security Responsibilities
Must comply with all company security and data protection/usage policies and procedures. Personally responsible for proper marking and handling of all information and materials, in any form. Shall not divulge any information, or afford access, to other employees not having a need-to-know. Shall not divulge information outside the company without management approval. All government and proprietary information will be accessed and stored electronically on company-provided resources.
Work Environment
- Ability to work in a regular office/classroom environment, as well as in and around electronic equipment, hydraulic equipment and confined spaces.
Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.
- Ability to operate a personal computer and communicate via e-mail/telephone.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for their job. Duties, responsibilities, and activities may change at any time with or without notice.
Position Type
Regular