Junior IT Security Consultant in Silver Spring, MD at APEX Systems

Date Posted: 8/2/2018

Job Description

Job #:  861048

*Apex Systems is looking for a Junior IT SME in the Silver Spring MD area! Must have a CISSP!* 

Candidates must be US citizens and able to obtain and/or maintain a Department of Defense [Secret / Top Secret] security clearance as a condition of employment.

Job Purpose
• Recommend implementation of security requirements based on laws, regulations or Presidential directives in compliance with Federal Information Security Management Act (FISMA) cybersecurity initiatives
• Review proposed new systems, networks, and software for potential security risks
• Advise Program Management Office (PMO) personnel on the applicable security tasks based on the Program’s System Development Life Cycle (SDLC) phase
• Review security related product selection and implementation activities
• Participate in and provide security SME guidance to the vendor source selection process
• Define the scope and level of detail for security plans applicable to the system
• Identify need for changes based on new security technology and evolving threats
• Analyze change requests to the system for security posture impact/updates
• Review security incident response policy, manage security incident procedures
• Manage and maintain system authorization status or Authority to Operate (ATO)
• Have experience in and support the Organizational Assessment & Authorization (A&A) process for existing and new systems
• Responsible for planning and coordination of A&A activities for the Program/System
• Identify & generate Security Artifacts for A&A
• Review and recommend approval of systems FIPS 199, FIPS 200, and E-Authentication
• Prepare and provide System Security Plan for the system
• Prepare System Owner and Information System Security Officer letters
• Coordinate Security Test and Evaluation events between involved stakeholders
• Participate in Security Test and Evaluation process and Review ST&E report
• Perform Vulnerability Assessment review and generate reports for System Owner and stakeholders

• Have experience with analyzing vulnerabilities and providing guidance on secure IT implementation of various operating systems (e.g. Windows, Unix, Linux, and Mac)
• Have experience with analyzing vulnerabilities and providing guidance on secure IT implementation of various applications (e.g. Oracle, SQL Server, Apache, IIS)
• Have experience with analyzing vulnerabilities and providing guidance on secure IT implementation of network devices (e.g. switches, routers, firewalls)
• Have experience with analyzing vulnerabilities and providing guidance on secure architecture design of various applications (e.g. internal-only, publicly available)
• Experience serving as an ISSO for a federal government system is a plus
• Experience conducting cybersecurity audits of Federal Systems to ensure appropriate implementation and security compliance
• Performing and providing vulnerability assessment results and recommendations
• Assessing known systems vulnerabilities and verifying system hardening and patching activities to ensure compliance with applicable Security Requirements and related checklists
• Working knowledge of cyber security toolsets
• Experience with network and system security administration, including operating system security configuration and account management best practices for Operating Systems
• Understanding of Systems Engineering requirements, specifications, and demonstrated experience implementing Federal A&A Processes, assessing and validating compliance with security controls and developing and maintaining associated documentation.
• Have detailed knowledge of the latest versions of the National Institute of Standards and Technology (NIST) Special Publications (SP) 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, 800-60, etc.
• Have experience with identification, documentation, and testing of security controls for information technology systems in accordance with the above NIST guidance
• Have experience with identification of security risks (threat/likelihood/impact) to the system, networks, and organization and documenting risks for management review
• Have experience with the System Development Life Cycle (SDLC) and the activities associated within each phase.

• Must be a US citizen
• Clearable for High Risk Positions of Trust
• Have experience with technical vulnerability scanning and secure configuration assessments, and documenting analysis of results
• Ability to interface with customers of various levels, to include but not be limited to Program Management Office (PMO), Authorizing Officials, Information System Owners, Independent Security Assessment Team and Technical system personnel
• Excellent verbal/written communication skills
• Excellent interpersonal skills
• Able to work in a team environment
• BS or equivalent + 5+ years related experience, or MS + 3+ years related experience

EEO Employer

Apex is an Equal Employment Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or 844-463-6178.