**************************************************************
JobCircle.com is a regional job board serving all industries
and occupations in the PA, NJ, DE, NY, MD, and DC areas.
We offer a regional job board, online learning, and regional
job fair events for jobseekers who live in our areas of focus.
To Learn More:
Job Board: http://www.JobCircle.com?source=ng
eLearning: http://www.JobCircle.com/courseware?source=ng
Job Fairs: http://JobCircleJobFairs.com?source=ng
**************************************************************
Job Title: Information Security-Principal Analyst (INFOSEC)
Job Location: DC: Wa****ngton
Pay Rate: Open
Job Length: full time
Start Date: 2008-03-23
Company Name: Dynamics Research Cor****ation
Contact: HR
Phone: email only please
Fax: email only please
Description: Information Security-Principal Analyst (INFOSEC) Tracking
Code 6685 Job Description Three years of experience performing systems
security *****sments, do***entation, and security upgrades for live
networks, desktop systems, servers, and enterprise data bases leading to
successful accreditation and certification of such systems. Required
Skills Specific experience is required in the following functional areas:
(1) Conduct *****sment of MIS systems security requirements, evaluate
current security posture and recommend priorities for remediation in
preparation for FISCAM-based IG audits.
- review MIS infrastructure and application architecture - *****s security
requirements - review existing C&A do***entation, system policies,
procedures and controls and security infrastructure (i.e. IDS, firewalls,
vulnerability scan tools, etc.) - recommend specific areas for additional
work in order by priority - develop policies and procedures based on best
practices for addressing weaknesses identified.
(2) Evaluate and strengthen standard MIS C&A Do***entation
- Performing and do***enting risk *****sments, analyzing security
vulnerabilities, and the metrics to measure the risks associated with
those vulnerabilities;
- Based on the risk profile of the analyzed systems, development and
do***entation of Contingency Plans for ameliorating those risks;
- Design, development and do***entation of comprehensive Systems Security
Plan, covering at a high level the infrastructure, policies and procedures
which define the systems security profile for the analyzed systems;
- Development of Security Users Guides specific to selected networks,
desktop computers, servers and data base systems;
- Design, development, and validation of System Test and Evaluation
(ST&E) reviews for new and/or legacy systems.
- In summary, specific C&A do***ents to be reviewed and strengthened
include:
- Systems Security Plan - Security Features Users Guide - Risk *****sment
- Contingency Plan - Incident Response Plan - System Test and Evaluation
(3) Review, evaluate, do***ent and enhance MIS system controls (based
on NIST 800-53 requirements) which would be the subject of a FISCAM style
audit, covering such subject areas as those below. Where specific controls
need to be developed or strengthened, make use of industry and government
best practice models to guide such development.
- Access Controls - Physical and Logical - Application Software
Development (SDLC) - Systems Software Access and Change Control -
Separation of Duties - Service Continuity - Systems Configuration
Management
(4) Review and conduct NIST-based Self *****sments, identifying any
weaknesses which need to be addressed, and developing a plan for
remediation of those weaknesses based on industry best practices. Required
Experience Specific COTS Software Experience - one year of experience
developing requirements for, evaluating, installing, do***enting policies
and procedures, executing and monitoring the following:
(1) Vulnerability & Patch Scans - Configures, builds templates,
and executes vulnerability and patch scan software. Analyzes results and
works closely with system administrators and DBAs to remediate
vulnerabilities, or do***ent the business requirements which make the
acceptance of the risks associated with identified vulnerabilities
acceptable.
$ Foundstone Server Scan Software - 1 year $ AppDetective Data
Base Scan Software - 1 year $ HFNetChk Patch Scan Software - 1 year
(2) Security Information Management (SIM) Software - Management and
monitoring of SIM audit log data, development of policies and procedures
for SIM operations, and development of queries, re****ts and executive
dashboards for one or more products, such as:
$ ArcSight $ eSecurity $ NetForensics
(3) System Configuration Detection and *****sment Software
- Pedestal Security Expressions - Tripwire
(4) Password Cracking Software (e.g. LC)
(5) Configuration Management Data Base (CMDB) software (e.g. Bellarc)
(6) Network Intrusion Detection (e.g. Snort) and Host Based Intrusion
Detection hardware and software. Job Location Wa****ngton, DC, US. Position
Type Full-Time/Regular
Please refer to Job code drc-255123 when responding to this ad.
For FASTEST PROCESSING of your resume, please visit
http://www.jobcircle.com/classifieds/1240364.html?source=ng
to apply
online.
**************************************************************
For fastest processing of your resume, this employer asks that
you apply to this job using the URL above.
**************************************************************
|
