|Preferred GIAC Certifications||CISSP|
|Contact Name||Aaron Bean|
SecureStrux Core Values
Create Team Synergy l Drive Continuous Innovation l Deliver with Integrity l Work Independently
Information Systems Security Officer (Corporate Infrastructure)
Director of Operations
Information systems security officers (ISSO) research, develop, implement, test and review an organization's information security in order to protect information and prevent unauthorized access. Officers inform users about security measures, explain potential threats, install software, implement security measures and monitor networks. Ensures security design, controls, and procedures are aligned with governmental information security standards and are appropriate to mitigate risk of exposure. Identifies security violations, determines cause, and implements procedures to prevent future incidents.
Duties and responsibilities
ISSO Corporate Infrastructure
Perform regular maintenance of security platforms, including: FireEye and Mandiant Agents and Appliances, McAfee ePO-managed AntiVirus and other system-protection agents, Parity Bit9 Server and Agents.
Analyze vulnerabilities identified during penetration testing and regular audit activities and suggest/implement remedies as appropriate.
Attend meetings on the following topics, providing technical reporting, status updates, and cybersecurity guidance: FireEye / Mandiant Status Reporting (Monthly), POAM Status Reviews (Monthly), Cybersecurity Tagup with Intelsat Corporation (Monthly), Information Technology Team Meeting (Bi-Weekly).
Act as primary engineer performing tasks related to the following projects: ForcePoint Data Loss Prevention Deployment, Parity Bit9 Upgrade, Reconfiguration, and Deployment, FireEye Helix Log Ingestion (log aggregation activity from multiple onsite resources).
Annually: Review and update infrastructure inventory, review open ports/protocols in use for the corporate infrastructure, suggest changes as appropriate
Quarterly: Maintain and update baseline configurations for all infrastructure components (including servers, workstations, network equipment, etc.), Maintain and update a list of tools employed by the Information Technology department to maintain the infrastructure, inclusive of versions/patch levels and purpose(s).
Monthly: Identify and mitigate vulnerabilities identified, maintain status documentation throughout mitigation process via ticketing system, update existing POA&M list based on impact analysis and continuing monitoring activities.
Weekly: Review aggregated logs and other system audit records for indications of inappropriate or unusual activity, perform patch testing and global deployment across all relevant security platforms mentioned previously
Ad-Hoc: Prepare reports on successful infiltration of the infrastructure and suggest/implement resolutions to prevent future occurrences, prepare reports on successful exfiltration of data, both by external actors and company personnel, to include cause(s) and subsequent actions taken to prevent recurrence, respond to alerts within security platforms mentioned previously to ensure prompt action(s) are taken to protect the infrastructure
As applicable, perform other assigned duties to assist in accomplishing department goals and objectives.
Company Related Tasks
Company meeting attendance as needed
Support Business Development with LOE, Writing, Reviews, and general proposal support.
Assist in the development and adherence of performance targets for projects/personnel.
Follow all company policies and procedures.
Bachelor’s degree in appropriate discipline or equivalent experience.
U.S. Security ClearanceTop Secret (requires U.S. Citizenship) and meet requirements for access to classified information and SCI Access.
At least six plus (6+) years demonstrated experience in ISSO
DOD 8570.1 Certified; Security+ or Certified Information Systems Security Professional (CISSP) or other applicable 8570.1 certifications is required.
In depth knowledge of ForcePoint Data Loss Prevention Deployment, Parity Bit9, FireEye Helix Log Ingestion
Communicate effectively, orally and in writing with all levels of management and individual contributors.
Strong working knowledge of Windows and Linux based computer environments and Microsoft Office productivity software including Excel, Visio and SharePoint is essential.
Ability to analyze complex information security problems and provide focused solutions to accomplish program objectives.
Willing to travel (local and continental US) up to 10% of the time.
Disclaimer: This position requires successful completion of a background check/or US security Clearance and employment verification. The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.
SecureStrux is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, national origin, protected veteran status, or disability status.
Location: Mc Lean, VA
The work environment may require a combination of indoor and outdoor activity (hot, cold, wet, humid conditions) with a varied amount of walking, standing, sitting, climbing (i.e. ladders, stair, scaffolding, ramps), balance (maintaining body equilibrium to prevent falling when walking, standing, or crouching on narrow, slippery, or erratically moving surfaces), bending, reaching, handling/fingering (seizing, holding, grasping, turning picking, pinching), stooping, kneeling, crouching and ability to lift/carry/push/pull up to 25 pounds. While performing the duties of this job, employees may work around variable noise levels or with fume or airborne particles, hazardous chemicals, etc. requiring the use of personal protective equipment such as face protection (safety glasses, goggles, face shield), foot protection (i.e. steel toed shoes, rubber boots, etc.), gloves, hard hat, shop coat and hearing protection. Work requires the ability to change into or out of personal protective equipment when entering or exiting manufacturing, laboratory, or other areas. Some employees may be required to drive between various locations within the Company facility or between locations. Work duties may also be required to work in a standard office setting and to use standard office equipment, including a computer and/or the ability to travel by air or auto. Ability to distinguish colors may also be necessary. This position may be expected to work varying shifts and hours to ensure successful operation of activities in the organization.