I get people contacting me every week about jobs all around the US! Today, I am going to show you a couple that I received recently. I hope that it will give you some idea of what employers and contracts look for in security compliance professionals.
Source code management (SCM) & DEVOPS team (Infrastructure Team) manages the entire continuous integration, continues development chain process of a global Engineering conglomerate.
Application is developed using Microsoft technology C#, C++, WPF, MVVM and custom control on Windows-7 platform. The backbone of the entire SCM is Microsoft TFS while the packaging strategy is utilizing MSI and WIX. The current build management is driven by customized XMAL with PowerShell usage. Now the plans are to move to VNEXT that provides flexibility as an orchestrator and allows better reporting, triggering and logging facility.
The Goal of this team is to make the entire infrastructure to be in compliant with DIACAP (DoD Information Assurance Certification and Accreditation) process
Expectations – The team is looking out for Engineers who can augment the current team and support on following tasks
This means the identified engineer needs experience in DIACAP process (not knowledge) on how the system could be transformed to be DIACAP compliant system.
• Experienced in the Security Technical Implementation Guide (STIG) that provides security guidance for .NET deployments in workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR).
• Identify loopholes and open items as part of IIS 7.0 Web Server to ensure that the IIS 7.0 becomes STIG compliant and thus related request handling and filtering are done in control manner and encryption is applied for protocols or data exchange for HTTP, FTP or telnet and more of such tasks etc.
• Ensuring the basic need of McAfee VirusScan 8.8 Managed Client STIG that highly suggests to have antivirus to be monitoring 24*7 along with no possibility of stoppage of such services and availability of antivirus signed files almost every day
• Ensure security enablement in Microsoft Internet Explorer 11 client used on Windows-7 workstations like script execution, popup restrictions as needed and stoppage of unsigned ACTIVEX controls
• Experience in interpreting STIG scans that reflect results on periodic basis.
• Experience in working on adding check and controls in build management system that automates scans ensure STIG compliance.
• Good Team Player
• Good Written and verbal communication skills
• Customer facing experience would be added advantage
www.enterprisesolutioninc.com Pradyut Bhattacharya
Enterprise Solution Inc.
500 E. Diehl Road, Suite 130, Naperville, IL 60563
Office: # 630-214-9485
This is Nicholas associated with 22nd Century Technologies, Inc.,(TSCTI) assessed at CMMI Level 3 is one of fastest growing IT services and solutions company with innovative approach to provide IT services and solutions to Federal, State, Local agencies and commercial clients. Incorporated in 1997, TSCTI has its corporate headquartered in New Jersey and has presence in 33 other states across the U.S including Public sector practice headquarter in DC Metro area. Find more about us at www.tscti.com
We have a position for you to work as Cyber security Engineer in Monterey CA. Please review below the full job and let us know if interested I will love to call you as per your convenience and would discuss this position in detail so that we can go ahead and submit your resume.
Please send me the updated copy of your detailed resume.
There are differences between the old DIACAP (being phased out), DoD RMF for IT and NIST RMF. What is “DIACAP”? It stands for Department of Defense Information Assurance Certification & Accreditation Process and it is based on the old DoDI 8510.01 and DoD 8500 documents. The process was designed to make absolutely sure federal systems have security on them.
With the constant exponential evolution of information technology this process has had to change to keep up with the times. DIACAP is being replaced with DoD Risk Management Framework for Information Technology (DoD RMF for IT). This process has more granularity, more detailed, more frequent and covers many new technology that was not covered by DIACAP. DoD RMF for IT is actually based fundamentally on NIST SP 800-37, Risk Management Framework.
This is a quick introduction to Step 2 of the Risk Management Framework NIST 800-37 process. Step 2 involves selection of NIST Special Publication 800-53 security controls. There are (3) main tasks that you must do in this step:
1) Select the applicable baseline controls. Selection of baseline controls is based on system categorization.
2) Tailor the Security Controls to the system. Not all security controls can be used because they may break your system. And in some cases they are simply not applicable. There are also Common Controls, Hybrid controls, and system specific controls.
3) Document the Security Controls. You must document the selected security controls in a system security plan and have the security controls reviewed.
This is an introduction to Step 1, Categorization of the NIST SP 800-37, Risk Management Framework process. Categorization consists of three primary steps:
1) Determining the Security Categorization of the information system. This is done by breaking down the primary information types on the system. You can get great guidance on this from FIPS 199 and NIST SP 800-60 (Volume I-II).
2) Create a System Description. This is really the first step to creating a System Security Plan and it leads to registering the systems.
3) Register the system. This means that you need to advertise the the system to all the stakeholders of the system in the organization. Organizations usually have a method of doing this with a database that can be seen by upper-level management.