About Us
Experience:
• Assist in development of System Security Plan, Incident Response Plan, IT Contingency Plan and associated procedures for the new cloud-based system.
• Constantly learning and using new technologies and cloud services to reduce security risks, implement controls and automate control implementation.
• Perform vulnerability assessment and configuration audits of applications using tools or services selected and implemented in the application design.
• Manage security situational awareness of system by monitoring account management, network and system logs, anti-virus and related security threat detection systems.
• Monitor the system for information spills, executing incident response when necessary.
• Attend regular scheduled change management meetings, identify impacts to security, perform assessments, and communicating impact to security posture with recommendations and ongoing security control assessments and updates to key documentation.
• Administer security tools, keep them updated, and learn how to get the most from the available tools to address security protection and detection needs as well as reporting of status.
• Performs security control assessment in using NIST 800-53A guidance and conduct independent scans.
• Leverage tools to automate processes, implement controls and perform monitoring wherever possible.
• Manage System Security Plan, Risk Assessment Report, Security Assessment Plan and Report, Contingency Plan, Incident Response Plan, Standard Operating Procedures, Plan of Actions and Milestones, Remediation Plans, and Configuration Management Plan.
• Validates that protective measures for physical security are in place to support the systems security requirements.
• Maintains an inventory of hardware and software for the information system.
• Performs risk analyses to determine cost-effective and essential safeguards and supports Incident Response and Contingency activities.
• Performs security control assessment in using NIST 800-53A guidance and conduct independent scans of the
application, network, and database (where required).
• Provides continuous monitoring to enforce client security policy and procedures and create processes that will
provide oversight into the following activities for the system owner.
• Provides security engineering designs and implementation in all aspects of Information Assurance and Information Security (InfoSec) Engineering.
• Performs system certification and accreditation planning and testing and liaison activities, and supports secure systems operations and maintenance.
• Establishes system security designs and implements security designs in hardware, software, data, and procedures.
• Performs the role of security software engineer for assigned tasks and in conjunction with systems engineering and software engineering to integrate/embed/assess security design throughout the system lifecycle to include all technical issues related to security vulnerabilities and their resolution.
• Works with IA vulnerability scanning software tools and utilizes knowledge of computer vulnerabilities and exploits to mitigate and administer patching of applications and operating system software.
• Researches and recommends tactics to minimize asset liability, including investigating potential asset loss incidents
• Maintain tracking using Remedy for firewall changes requests, demilitarized whitelist requests, and blacklist requests
• Aggressively monitor systems availability, reliability, security, and network health for router, server, cpu’s and etc.
• Utilize network monitoring software, particularly HP OpenView, and CA Network Health in a real time environment
• Support malicious code detection efforts by downloading and updating network systems and stand- alone laptops
• Support system monitoring and maintenance activities as required (ex. Malicious code detection, auditing, and scans
• Direct the investigation of security needs and recommend, plan, test, and monitor information security improvements