CYBER SECURITY SPECIALIST SENIOR

Join our team and be a part of the mission that supports the Department of Veterans affairs (VA) with IT technical expertise.  This position is one of many that provide delivery and technical support to One VA world-class service to Veterans and their families by delivering results-oriented, secure, highly available, and cost effective information technology services.  VA depends on Information Management/Information Technology (IM/IT) systems to meet mission goals and in support of those goals EO is constantly transforming.

 

Ø  LOCATION: AITC, AUSTIN, TX

Ø  TRAVEL:  NONE

Ø  EXPECTED START DATE:  ASAP

CYBER SECURITY SPECIALIST KNOWLEDGE, SKILLS AND ABILITIES: 

 

A SENIOR CYBER SECURITY SPECIALIST HAS INFORMATION TECHNOLOGY EXPERIENCE WITH CYBER SECURITY POLICY AND THREAT MITIGATION. MUST HAVE KNOWLEDGE AND EXPERIENCE IN CYBER SECURITY TOOLS, NETWORK TOPOLOGIES, INTRUSION DETECTION, PKI, AND SECURED NETWORKS.  MUST HAVE KNOWLEDGE OF IMPLEMENTATION AND SECURITY LEVELS AND ROLES NECESSARY FOR SUCCESSFUL DEPLOYMENT.

CYBER SECURITY SPECIALIST TASKS: 

 

The team in which the Cyber Security Specialist resides is SDE EO Technical Security group which relies on advanced tuning of existing IT security products to detect, protect and forward critical security alerts to the SDE EO Security Monitoring group, Nation Service Desk (NSD), Information Security Officers (ISOs) and the VA National Security Operations Center (NSOC) on alerts related to VA compliance policy violations, Advanced Persistent Threats (APT’s) and any other IT Security related issues that need attention during normal working hours and after hours.

 

The SDE EO security network will be interconnected among the different data centers (i.e. AITC, HITC, PITC, QITC, CITC) in a separate private security network. Each data center’s security network will be separated by a firewall to only allow other data center security network connectivity using VA’s existing network. This allows for the separation of environments to keep event log data as required by policy to where only designated INFOSEC personnel have access into this security network from the various SDE EO network locations. This SDE EO Information Technology Center (ITC) security network will also provide the redundancy needed for security network and security tool availability. SDE EO security tool standardization will be implemented along with the technical security processes that are in place at AITC.

 

In support of these Technical Security efforts, this position will:

 

  1. Perform assessments and compliance activities using central managed vulnerability scan

engines to perform operating systems, network devices, databases and applications

assessments.

 

  1. Perform collection and analysis of all operating systems logs, network device logs,

network flows, intrusion prevention and intrusion detection, vulnerability assessment,

network firewall, web application firewall and virtual environment logs and provide

centralized correlation, alerting, log archiving, asset discovery and behavior analysis

configuration using an IBM QRadar Security Information and Event Manager (SIEM) or

equivalent.

 

  1. Perform real-time network and system protection, detection and log analysis using

Sourcefire Intrusion Prevention System/Intrusion Detection System (IPS/IDS) or

equivalent sensors centrally managed with Sourcefire Defense Center console or

equivalent providing network awareness and vulnerability intelligence.

 

  1. Perform web application vulnerability assessments and reporting using web application

assessment software, which also provides web application security intelligence to the

Web Application Firewall solution.

 

  1. Perform real-time web application protection against SQL injection attacks, malicious

bots, zero-day attacks, data loss and defacement protection and any other Web

Application attacks that exist including Payment Card Industry Data Security Standard

(PCI DSS) compliance using Web Application Firewall technology.  PCI compliance and

reporting is performed by VA.

 

  1. Perform end user device threat containment and access control to ensure VA security

policies and restrictions in the Information Technology Center network using Network

Access Control technology are adhered.

 

  1. Perform real-time network and system malware protection, detection and log analysis

using Malware Protection System.

 

  1. Prepare and conduct status briefings and resolve issues in support of senior managers and

VA leadership upon request from COR/VA PMs.

 

  1. Review and maintain Standard Operating Procedures for the Intrusion Prevention

Systems Intrusion Detection Systems (IPS/IDS), Security Information and Event

Manager (SIEM), Vulnerability assessments using Tenable Security Center or equivalent,

Incident Response, Web Application Firewall (WAF), VMware or equivalent, Network

Admission Control Systems (NAC), Malware Protection System (MPS) and any other

SDE EO Technical Security activities and processes that may need SOP’s reviewed and

maintained.

 

CYBER SECURITY SPECIALIST BASIC QUALIFICATIONS 

Position requires a Bachelor’s Degree in computer science, electronics engineering or other engineering or technical discipline plus 10 years of experience.  8 years of additional relevant experience may be substituted for education.

  • NIST 800-53 experience.
  • FISMA compliant Assessment and Authorization experience.
  • Certification and Accreditation experience.
  • Knowledge of emerging trends in IT, and how they relate to IT security (cloud computing, mobile computing, virtualization, PCI and SOC compliance).
  • Advanced knowledge of SIED, FIN, DLP, IDS/IPS, firewall and anti-virus/malware solutions.
  • Advanced knowledge of information security principles and practices: security risk assessment standards, risk assessments methodologies, and vulnerability assessment.
  • Experience implementing policies, procedures and practices to meet PCI requirements.
  • Risk Management Framework experience.
  • CISSP or CASP
  • Self-motivated and assertive.
  • Ability to set priorities and adapt to changes in a quick and professional manner.
  • Excellent oral and written communication skills;

o   Ability to interact with internal and external stakeholders at every level

o   Ability to use discretion when handling confidential information

  • Strong analytical, reasoning and problem solving skills

 

Hiring contingent upon successful completion of the Department of Veterans Affairs Background Investigation process and Program Management start date approval.

CYBER SECURITY SPECIALIST DESIRED SKILLS:

Web Application Security Consultant with expertise in OWASP, AJAX technology and PHP

Expertise in application security technologies:

    • Fortify
    • AppScan
    • WebInspect

Experience in web based languages some or all:

    • Java Applets
    • Python
    • .Net
    • JSON
    • C++

Experience in database administration:

General DB administration

 

Technical abilities to:

o   Understand session tracking and penetration tests

o   Use attack vendors and application flow charts

 

About Semper Valens Solutions:

Semper Valens Solutions, Inc. is a Service Disabled Veteran Owned Small Business (SDVOSB) providing Cost Effective Software and Systems Engineering, Field Support, Training and Full Life cycle Support Management to the DOD community

 

At Semper Valens, our vision is to remain a creative, cutting edge and cost effective solutions provider where our shared intellect, industry experience, and technology excellence, make a positive difference in our customer’s success. Our solutions help bridge the gap between IT and business prioritizations to optimize budgets, risks and operational processes.

 

We search for outstanding technical professionals, hiring at all levels of the experience spectrum; intermediate, journeyman and senior. Consider us for your career plan.

 

Semper Valens Solutions is an Equal Opportunity Employer

 

Semper Valens Solutions, proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital/parental status, pregnancy/childbirth or related conditions, physical or mental disability, genetic information, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

 

If you require a reasonable accommodation to apply for a position with Semper Valens Solutions through its online applicant system, please contact Semper Valens Solutions Human Resources Department at (520) 378-1545.

Source:http://www.sempervalens.com/recruiting/careers/index.php?m=careers&p=showJob&ID=175