Computer Security Systems Specialist III jobs in United States

Computer World Services Corp. (CWS) · 1 week ago

Computer Security Systems Specialist III

Computer World Services is dedicated to supporting financial stability through the Office of Financial Research. The Computer Security Systems Specialist III will design, develop, and implement solutions for cybersecurity, manage risk assessments, and ensure compliance with various security standards and regulations.

Computer, Information Technology, Software, Virtual Reality
Senior Management
No H1B; Security Clearance Required; U.S. Citizen Only

Responsibilities

To effectively manage Cybersecurity risk to the Office, the contractor will assist the OFR in refining and implementing the processes and methodologies to assess internal and external/third-party systems and provide accurate accounting and tracking for risks and findings
Conduct comprehensive vulnerability management using Nexpose, Rapid7, and Qualys platforms to identify, prioritize, and remediate security vulnerabilities and configuration baselines across the enterprise infrastructure
Implement automated container vulnerability scanning tools, such as AWS Clair, to identify and evaluate critical findings
Perform application security testing using Fortify WebInspect to assess web applications for security flaws and conduct thorough code reviews using Veracode to identify vulnerabilities in source code
Create custom queries and generate detailed reports in Splunk to support security monitoring, incident analysis, and compliance reporting
Track, monitor and report on Plans of Action and Milestones (POA&Ms). Findings discovered through risk assessments, Security Controls Assessments (SCA), continuous monitoring activities, vulnerability scans, application security tests, and code analysis will be collected, analyzed and used to provide continuous reporting and support informed, risk-based decision making
Develop policies for least-privilege access controls, implement network segmentation strategies, integrate identity and access management solutions with network security controls, and establish continuous monitoring and validation processes to ensure all network communications are authenticated, authorized, and encrypted
Serve as the principal liaison between the OFR and supporting personnel for the specific subtask area (e.g., Security Controls Assessors, ISSOs, Continuous Monitoring)

Qualification

Cybersecurity engineering, Vulnerability management, Risk assessment, NIST Risk Management Framework, AWS Cloud Services, Security frameworks, Security assessments, Basic Python, Incident response, Network technologies, Communication skills, Soft skills

Required

Deep understanding of modern cybersecurity engineering principles
Control validation, including security-as-code, infrastructure-as-code, and DevSecOps practices
Proven experience conducting security assessments
Hands-on experience managing a vulnerability management program
Reviewing and recommending detection rules
Incident response playbooks
Performing regular audits of security controls and access management systems
Conducting comprehensive vulnerability management using Nexpose, Rapid7, and Qualys platforms
Implementing automated container vulnerability scanning tools, such as AWS Clair
Performing application security testing using Fortify WebInspect
Conducting thorough code reviews using Veracode
Creating custom queries and generating detailed reports in Splunk
Tracking, monitoring and reporting on Plans of Action and Milestones (POA&Ms)
Developing policies for least-privilege access controls
Implementing network segmentation strategies
Integrating identity and access management solutions with network security controls
Establishing continuous monitoring and validation processes
Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls
Ensuring compliance with guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP
Preparing Security Authorization Packages
Identifying, assessing, and prioritizing identified risks
Collecting evidence and artifacts, and documenting findings
Reporting on compliance with internal policies, controls, and standards
Providing recommendations for remediation of identified deficiencies
Tracking and reporting on Plans of Action and Milestones (POAMs)
Coordinating third-party risk assessments and IT audits
Managing remediation efforts and reporting on the status of control deficiencies
Understanding of networking technologies and concepts (routing, switching, network segmentation, etc.)
Strong written and verbal communication skills
Ability to work effectively under pressure
Familiar with basic Python, JSON, and/or PowerShell
Familiar with AWS Cloud Services - EC2, VPC, S3, RDS, CloudFormation, Systems Manager, CloudWatch, Security Hub
Familiar with and have worked within security frameworks such as: NIST SP 800-61, Attack lifecycle, SANS Security Controls, MITRE ATT&CK, Kill chain, OWASP Top 10
Public Trust High (Tier 4/BI) Risk Level
Must be a US citizen

Preferred

Experience as an emergency medical responder, firefighter, or related high-pressure environment
Certified Information Security Professional (CISSP)
Preference given for CCE, CCFE, CEH, CPT, CREA, GCFE, GCFA, GCIH, GCIA GIAC, Splunk Core, OSCP, SANS Security 500 Series or other industry standard equivalent

Company

Computer World Services Corp. (CWS)

Computer World Services Corp. is an information technology company specializing in end to end network operations and IT solutions.

Funding

Current Stage
Growth Stage

Leadership Team

Farrukh Hameed
Founder and CEO
Company data provided by crunchbase