Computerworld · 2 weeks ago
Computer Security Systems Specialist III
Computer World Services is dedicated to supporting the Financial Stability Oversight Council (FSOC) in promoting financial stability. The Computer Security Systems Specialist III will design, develop, and implement cybersecurity solutions while performing complex risk analyses and ensuring comprehensive security coverage across system components.
Responsibilities
To effectively manage cybersecurity risk to the Office, the contractor will assist the OFR in refining and implementing the processes and methodologies used to assess internal and external/third-party systems, and will provide accurate accounting and tracking of risks and findings.
Conduct comprehensive vulnerability management using the Nexpose, Rapid7, and Qualys platforms to identify, prioritize, and remediate security vulnerabilities and configuration-baseline deviations across the enterprise infrastructure.
Implement automated container vulnerability scanning tools, such as AWS Clair, to identify and evaluate critical findings.
Perform application security testing using Fortify WebInspect to assess web applications for security flaws, and conduct thorough code reviews using Veracode to identify vulnerabilities in source code.
Create custom queries and generate detailed reports in Splunk to support security monitoring, incident analysis, and compliance reporting.
Track, monitor, and report on Plans of Action and Milestones (POA&Ms). Findings discovered through risk assessments, Security Controls Assessments (SCA), continuous monitoring activities, vulnerability scans, application security tests, and code analysis will be collected, analyzed, and used to provide continuous reporting and to support informed, risk-based decision making.
Develop policies for least-privilege access controls, implement network segmentation strategies, integrate identity and access management solutions with network security controls, and establish continuous monitoring and validation processes to ensure all network communications are authenticated, authorized, and encrypted.
Serve as the principal liaison between the OFR and supporting personnel for the specific subtask area (e.g., Security Controls Assessors, ISSOs, Continuous Monitoring).
Qualifications
Required
Deep understanding of modern cybersecurity engineering principles
Control validation, including security-as-code, infrastructure-as-code, and DevSecOps practices
Proven experience conducting security assessments
Hands-on experience managing a vulnerability management program
Reviewing and recommending detection rules
Incident response playbooks
Performing regular audits of security controls and access management systems
Using the NIST Risk Management Framework (RMF) to conduct assessments of information security controls
Ensuring compliance with guidance, standards, and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
Preparing Security Authorization Packages, including documentation such as Authorizing Official out-briefs, Security Authorization Recommendations, and Security Authorization memorandums
Identify, assess, and prioritize identified risks
Collect evidence, artifacts, and document findings to support conclusions
Report on compliance with internal policies, controls, and standards
Provide recommendations for remediation of identified deficiencies
Track and report on Plans of Action and Milestones (POA&Ms)
Coordinate third-party risk assessments and IT audits
Manage remediation efforts and report on the status of control deficiencies
Understanding of networking technologies and concepts (routing, switching, network segmentation, etc.)
Strong written and verbal communication skills
Ability to work effectively under pressure
Familiarity with basic Python, JSON, and/or PowerShell
Familiarity with AWS Cloud Services: EC2, VPC, S3, RDS, CloudFormation, Systems Manager, CloudWatch, Security Hub
Familiarity with, and experience working within, security frameworks such as NIST SP 800-61, the attack lifecycle, SANS Security Controls, MITRE ATT&CK, the kill chain, and the OWASP Top 10
Public Trust High (Tier 4/BI) Risk Level
Must be a US citizen
Preferred
Experience as an emergency medical responder, firefighter, or related high-pressure environment
Certified Information Systems Security Professional (CISSP)
Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA, GIAC, Splunk Core, OSCP, SANS Security 500 Series, or other industry-standard equivalent
Company
Computerworld
Computerworld is a Denmark-based media source aimed at professional IT users and IT decision makers at all levels.