ConvoCourses

Cyber Security Compliance and IT Jobs

ia jobs

Security Specialist in Raleigh NC

by Leave a Comment

Short Description:
Contract resource with senior Information Security Analyst skillset, with focus on Identity and Access Management (I&AM), risk analysis, and information security policy, standards and procedure development.
Complete Description:
The Department of Transportation is seeking a short-term contractor to implement and maintain information security best practices within the NCDOT environment related to Identity and Access Management (I&AM) as well as other information security risk assessments, analysis and consultation for various IT systems.  Identity and Access Management (I&AM) is responsible for designing, developing and supporting a suite of agency wide shared services that primarily focus on identity, authentication, authorization, request management, provisioning, and certification.  The staff is part of the IT Information Security Office (ISO), with end-to-end responsibility for the agency-wide information security policy and standards.  The candidate should be an information security analyst with extensive information security operational experience, that also understands enterprise architecture, policy, standards and procedure and can consult with support, implementation and architecture teams.
Responsibilities will include:
  • Working with project & team managers and stakeholders to produce high quality and detailed identity and access management business requirements as they related to information security
  • Develop and enforce policies for identity and access management (I&AM) team for claims based authentication
  • Define the information security policy, standards and process/procedures as required for utilizing an identity management system including:  role mining, attestation, account provisioning, cloud/federated access provisioning, and others.
  • Develop  security policies and procedures for Roles Based Access Controls in claims based architecture
  • Develop security policies and procedures for claims based architecture for Active Directory and Sharepoint
  • Actively participate in assessment, planning, architecture, and design activities
  • Design, document, and implement security controls for Identity and Access Management
  • BizTalk, UDDI, web services, and claims based authentication experience
  • Design, document, and put security governance in place for external claims based authentication
The position will be responsible for documentation of security standards, security patterns, processes and procedures related to securing of web services and interoperability of all systems for the 3C and Data Services project.  The individual will educate application development teams on those standards and processes from an information security perspective.

NCDOT – Info Security Specialist- 3C North Carolina

by Leave a Comment

22ndstaffing.com

Work Location:                                                                   4101 Capital Blvd, Raleigh NC 27604
Interview Type:                                                                  Either Phone or In Person
Short Description:
Contract resource with senior Information Security Analyst skillset, with focus on Identity and Access Management (I&AM), risk analysis, and information security policy, standards and procedure development.
Complete Description:
The Department of Transportation is seeking a short-term contractor to implement and maintain information security best practices within the NCDOT environment related to Identity and Access Management (I&AM) as well as other information security risk assessments, analysis and consultation for various IT systems.  Identity and Access Management (I&AM) is responsible for designing, developing and supporting a suite of agency wide shared services that primarily focus on identity, authentication, authorization, request management, provisioning, and certification.  The staff is part of the IT Information Security Office (ISO), with end-to-end responsibility for the agency-wide information security policy and standards.  The candidate should be an information security analyst with extensive information security operational experience, that also understands enterprise architecture, policy, standards and procedure and can consult with support, implementation and architecture teams.
Responsibilities will include:
  • Working with project & team managers and stakeholders to produce high quality and detailed identity and access management business requirements as they related to information security
  • Develop and enforce policies for identity and access management (I&AM) team for claims based authentication
  • Define the information security policy, standards and process/procedures as required for utilizing an identity management system including:  role mining, attestation, account provisioning, cloud/federated access provisioning, and others.
  • Develop  security policies and procedures for Roles Based Access Controls in claims based architecture
  • Develop security policies and procedures for claims based architecture for Active Directory and Sharepoint
  • Actively participate in assessment, planning, architecture, and design activities
  • Design, document, and implement security controls for Identity and Access Management
  • BizTalk, UDDI, web services, and claims based authentication experience
  • Design, document, and put security governance in place for external claims based authentication
The position will be responsible for documentation of security standards, security patterns, processes and procedures related to securing of web services and interoperability of all systems for the 3C and Data Services project.  The individual will educate application development teams on those standards and processes from an information security perspective.
Questions:
Questions
Questions
Answers
Question 1
Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question 2
All work must be completed on site. Do you accept this requirement?
Question 3
Please list candidate’s email address HERE that will be used when submitting E-RTR.
Question 4
Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.
Question 5
Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement?
Question 6
Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement?
Question 7
This role is not new to the Department. There has been someone working in the role in the past. However, this is a new requirement for those services and it is open for competition.

info assurance

by Leave a Comment

IA
IA

Info assurance is a comprehensive approach to information security.  It included risk management, information protection, operational risk, business risk, assurance technology and much more.

More on “What is Info Assurance”?

Information assurance is the practice of assuring the confidentiality, integrity and availability of the processing, storing and/or transmission of data.  Information assurance is used as a more complete approach to information security.

Since Info Assurance covers all aspects of the security, all individuals with internal access to an organizations critical access must get info assurance awareness training.  Info Assurance is not just about turning on and configuring Assurance technology, but informing and educating those how have internal access to your system.

Info Assurance has its own complete common body of knowledge, industry, career path and degree programs accepted by the National Center of Academic Excellence in Information Assurance Education and those approved by the National Security Agency.

By becoming an info assurance specialist you can get work in many parts of the DoD including USAF, US Army, Department of the Navy and many other agencies.  But IA jobs expect specific certification(s), experience and degree.  The IA qualifications come from DoDD 8570 which is being replaced with DoDD 8140.  There are lots of titles that are considered within IA:  System Security Engineer, Info Assurance Analyst, Info Assurance Specialist, Info Assurance Subject Matter Expert (SME), Risk Analyst IT, and many others.

security engineer

by 1 Comment

System Security Engineer is a critical job in the cyberspace workforce.  As information technology has become a centerpiece for our lives, the security of IT has been more and more in demand.  A security engineer is expected to have a working understanding of IT enough to be able to strike a balance between operational functionality and application security controls.

System Security Engineer (ISSE, CSSE, SSE I/S Security Engineer) actually can mean anything.. So you actually need to read the job description.  But in this post, I am referring to SSE from the perspective Risk Management and DIARMF.

DIARMF Select balance
DIARMF
blog.eircomforbusiness.com/profile/Andy (andy O’Kelly, eircomforbusiness.com)

And Risk Management SSE needs to be savvy enough with the operational needs and security needs to balance the risk.  While a security engineer does not take risks of the organization they work for, they do consult the decision makers that do take risks.

Many security engineers are not hands on.  Meaning they might not touch the servers or configure routers, but they must know enough to orchestrate the over all security of the organization or system they are assigned to.

System Security Engineering Tasks

I have been in system security engineer positions where I did have hands-on tasks working directly with the system administrators and I have had some where I rarely even seen the systems that I wrote system security plans for.

System Security Engineers do consultation where they are working directly with information owners, project managers, information system security managers or technical security practitioners to come up with the most cost effective strategy for applying security controls with a certain level of effort within a certain time constraint.   A good security engineer understands all these factors and make sure the decision makers are well informed.  As an SSE the last thing you want to do is a prima madonna and attempt to put security beyond the scope of the operational mission.  And don’t be a hero, even if you really care about the mission you must ALWAYS remember the risk is not yours to bear and neither is the decision of what security controls (if any) will be applied.

Tasks of a system security engineer  

System security engineers do system security related documentation such as system security plans, plan of action and milestones, security assessment reports and other supporting documentation.

A day in the life of a system security engineer might consist of attending configuration management meetings, meeting with system administrators to address new challenges, writing authorization packages, coordinating with other units to complete an authorization package, reading the latest change to a regulation or organizational standard, WRITING an organizational standard and in some cases they are actually doing security administration on some system.

CYBER System Security Engineer (CSSE)

With Dod 8140 and the cyber-ization of the every goddamn thing! I believe the new term will be CYBER System Security Engineer (CSSE) and in the past it was commonly refer to as an Information System Security Engineer (ISSE).

As stated above and SSE can be just about anything computer security related.  I have been a SSE and done nothing put paperwork but also been an SSE and done mostly installations of system security controls.  My former co-worker just got a position as an Information System Security Engineer (I/SE) and he will be doing all ArcSight admin stuff.