Computer Systems Security Specialist I

About The Position

Requirements

• For CSWF Designated Positions - Professional Certifications: IAT II which requires a Security+ or equivalent and Continuous Education (CE).
• Must have experience with the Risk Management Framework (RMF), as well as ICD 705 (SCI) standards.
• Five (5) years of experience in: Installing and configuring and upgrading security software. Securing networks through firewalls, Intrusion Prevention System (IPS)/Intrusion Detection, password protection, Access Control Lists (ACLs), V-LAN, and industry standard network hardening techniques. Implement secure framework and risk management methodologies using patch management, STIG implementation, information assurance vulnerability alerts/bulletins.
• Three (3) years of experience in: Acting on privacy breaches and malware threats. Serving as a security expert and conduct training. Draft policies and guidelines.
• One (1) year of experience in: System administration or security roles. Networking and System Administration (e.g. TCP/IP, Firewalls). Firewall and endpoint security systems maintenance and functionality.
• If a proposed individual does not meet both the required education and experience qualifications, nine (9) years of professional technical activities related to Information Technology would be considered equivalent Five (5) of these nine (9) years should demonstrate experience in “1” through “3” Three (3) of these nine (9) years should demonstrate experience in “1” through “3” At least one (1) of these nine (9) years should demonstrate experience in "1" through 3"
• A minimum Top Secret security clearance or higher with the ability to obtain a Top Secret w/ SCI is required to be considered for this position
• A Bachelor’s degree or higher from an accredited college or university in an engineering, scientific, business, or technical discipline.

Responsibilities

• Conducting thorough analysis of IT specifications to meticulously assess potential security risks, ensuring that vulnerabilities are identified and addressed proactively.
• Installing, configuring, and performing upgrades on security software, maintaining current security measures aligned with the latest threats and technological advancements.
• Implementing robust network security measures through the use of firewalls, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), password protection mechanisms, Access Control Lists (ACLs), Virtual Local Area Networks (V-LANs), and adhering to industry-standard network hardening techniques to create a resilient defense against unauthorized access.
• Developing and implementing secure frameworks and comprehensive risk management methodologies by utilizing effective patch management strategies, applying Security Technical Implementation Guides (STIGs), and staying informed about information assurance vulnerability alerts and bulletins to protect organizational data.
• Designing and implementing effective safety measures, including comprehensive data recovery plans that ensure the integrity and availability of critical information in the event of a disaster or security incident.
• Responding promptly and effectively to privacy breaches and malware threats, employing incident response protocols to mitigate damage and restore secure operations.
• Serving as a trusted security expert within the organization and conducting in-depth training sessions to elevate awareness and knowledge of security best practices among all staff members.
• Drafting and refining policies and guidelines that govern security practices, ensuring that they align with regulatory requirements and industry standards while fostering a culture of security mindfulness across the organization.
• Demonstrated and comprehensive experience with the Risk Management Framework (RMF), showcasing a deep understanding of its structured approach to managing risk through various stages, including preparation, assessment, authorization, and continuous monitoring. This experience includes the application of RMF principles and practices to align information security strategies with organizational goals, ensuring effective risk mitigation and compliance with regulatory standards.