This is a remote position.
Job Title: IT Security Specialist – Pen Tester
Location: Washington, DC.
Duration: Full-Time.
Description: Analyzes information security systems and applications and recommends and develops security measures to protect information against unauthorized modification or loss. Familiar with a variety of the field's concepts, practices, and procedures. Relies on experience and judgment to plan and accomplish goals. Performs a variety of complicated tasks. May lead and direct the work of others. Typically reports to a project leader or manager. A wide degree of creativity and latitude is expected.
Skills:
Proficiency in verbal and written communications.
Proficiency in interview skills
Proficiency in interpersonal skills.
Proficiency in handling multiple tasks concurrently.
Proficiency in project and time management.
Ability to adjust to changing priorities.
Ability to work in a cohesive team-oriented environment.
Requirements:
Knowledge of DOC, NOAA, and NWS IT security policies and implementation standards or those of similar sized organizations AND comprehensive understanding of NIST guidance to include, but not limited to, NIST Special Publications and Federal Information Processing Standards.
At least 5 years of recent experience (within the last 6 years) in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools
At least 5 years of recent experience (within the last 6 years) with enterprise architecture methodologies, concepts, procedures, principles, and tools
At least 5 years of recent experience (within the last 6 years) in contingency planning and backup and recovery best practices and application of NIST guidance in this area
At least 5 years of recent experience (within the last 6 years) in using technical testing tools (Tenable Security Center, ArcSight, IBM Big Fix, etc.)
At least 5 years of recent experience (within the last 6 years) in conducting penetration testing or the ability to bring in a penetration tester when required
At least 5 years of performing assessments of Federal Information Systems using the Risk Management Framework
Certification:
Information System Security Training for Significant Roles for a Certification Agent/Security Controls Assessor: Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
GIAC Systems and Network Auditor (GSNA)
Electronic Commerce Council Certified Ethical Hacker (CEH)
ISC2 Certified in Governance, Risk and Compliance (CGRC)
Security Certified Network Professional (SCNP)
Security Certified Network Architect (SCNA)
If the contractor’s employee(s) does not possess one of the aforementioned certifications, they must provide documentation that they have already taken training and they must pass the exam within six months of joining the contract.
Security Clearance:
Successful completion of background investigation without any adverse findings are required. Knowledge of and experience with the technical and administrative information system security requirements for high impact, high availability systems in government organizations is required.
