Tag Archives: job

diacap tarry town

Job position for DIACAP Compliance Engineer at Tarrytown, NY

Role: DIACAP Compliance Engineer
Location: Tarrytown, NY
Duration: 6+ months

Keywords: – STIG, TFS, DevOps, Windows Imaging WIX, MSI, PowerShell, Anti-Virus, Whitelisting

Job Description:
Background
Source code management (SCM) & DEVOPS team (Infrastructure Team) manages the entire continuous integration, continues development chain process of a global Engineering conglomerate.
Application is developed using Microsoft technology C#, C++, WPF, MVVM and custom control on Windows-7 platform. The backbone of the entire SCM is Microsoft TFS while the packaging strategy is utilizing MSI and WIX. The current build management is driven by customized XMAL with PowerShell usage. Now the plans are to move to VNEXT that provides flexibility as an orchestrator and allows better reporting, triggering and logging facility.
The Goal of this team is to make the entire infrastructure to be in compliant with DIACAP (DoD Information Assurance Certification and Accreditation) process

Expectations – The team is looking out for Engineers who can augment the current team and support on following tasks
This means the identified engineer needs experience in DIACAP process (not knowledge) on how the system could be transformed to be DIACAP compliant system.
• Experienced in the Security Technical Implementation Guide (STIG) that provides security guidance for .NET deployments in workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR).
• Identify loopholes and open items as part of IIS 7.0 Web Server to ensure that the IIS 7.0 becomes STIG compliant and thus related request handling and filtering are done in control manner and encryption is applied for protocols or data exchange for HTTP, FTP or telnet and more of such tasks etc.
• Ensuring the basic need of McAfee VirusScan 8.8 Managed Client STIG that highly suggests to have antivirus to be monitoring 24*7 along with no possibility of stoppage of such services and availability of antivirus signed files almost every day
• Ensure security enablement in Microsoft Internet Explorer 11 client used on Windows-7 workstations like script execution, popup restrictions as needed and stoppage of unsigned ACTIVEX controls
• Experience in interpreting STIG scans that reflect results on periodic basis.
• Experience in working on adding check and controls in build management system that automates scans ensure STIG compliance.

Soft Skills
• Good Team Player
• Good Written and verbal communication skills
• Customer facing experience would be added advantage

www.enterprisesolutioninc.com Pradyut Bhattacharya
Enterprise Solution Inc.
500 E. Diehl Road, Suite 130, Naperville, IL 60563
Office: # 630-214-9485

Cyber Threat Analyst in NEWARK, Delaware

Information Security in CHATTANOOGA TN

 

Title                                                         INFORMATION SECURITY(5263850)
Location:                                                CHATTANOOGA TN 37402-2801
Duration:                                               12 month(s)
Hours:                                                    8:00am to 5:00 pm
Job Description
  • THIS PERSON WILL BE ACCOUNTABLE FOR HAVING FIRM KNOWLEDGE IN A BROAD RANGE OF INFORMATION SECURITY DISCIPLINES AND TO EDUCATE AND DRIVE THE IMPLEMENTATION AND STANDARDIZATION OF THE TVA ENTERPRISE SECURITY PROGRAM. THIS WILL INVOLVE CONTRIBUTING TO THE DEVELOPMENT, MAINTENANCE, AND IMPLEMENTATION OF THE ENTERPRISE SECURITY PROGRAM, AND HELPING TO ENSURE THE OVERALL ACHIEVEMENT AND COMPLIANCE WITH THE SECURITY GOALS, REGULATORY REQUIREMENTS AND COMPANY DIRECTION. THIS PERSON WILL BRING BASIC INDUSTRY INSIGHT AND INFORMATION SECURITY UNDERSTANDING TO TVA. PERFORMS CONTROL AND VULNERABILITY ASSESSMENTS TO IDENTIFY WEAKNESSES AND ASSESS THE EFFECTIVENESS OF EXISTING CONTROLS, AND RECOMMENDS REMEDIAL ACTION
  • REPORTS TO INFORMATION SECURITY MANAGEMENT CONCERNING RESIDUAL RISK, VULNERABILITIES AND OTHER SECURITY EXPOSURES, INCLUDING MISUSE OF INFORMATION ASSETS AND NONCOMPLIANCE
  • PARTICIPATE IN PROJECT REVIEWS, INCIDENT DEBRIEFS AND EVALUATION (SUCH AS AUDIT) REVIEWS TO UNDERSTAND THE ISSUES AND GAPS, FACTOR INTO CONTINUOUS IMPROVEMENT AND ALTER/ENHANCE THE EDUCATION AND COMMUNICATION PLANS.
  • PLAYS AN ADVISORY ROLE IN APPLICATION DEVELOPMENT OR ACQUISITION PROJECTS, TO ASSESS SECURITY REQUIREMENTS AND CONTROLS AND ENSURE THAT SECURITY CONTROLS ARE IMPLEMENTED AS PLANNED
  • COLLABORATES ON CRITICAL IT PROJECTS TO ENSURE THAT SECURITY ISSUES ARE ADDRESSED THROUGHOUT THE PROJECT LIFE CYCLE
  • ASSIST IN BUILDING BUSINESS CASES TO ESTABLISH, GROW AND CHANGE BUSINESS GROUPS, FUNCTIONS AND TECHNOLOGIES AND ESTABLISHES, DEVELOPS AND GROWS INFORMATION SECURITY, RISK AND COMPLIANCE OPERATIONAL SECURITY PROGRAM CONTRIBUTES TO THE DEVELOPMENT OF SECURITY ARCHITECTURE AND SECURITY POLICIES, PRINCIPLES AND STANDARDS.
  • EDUCATION — A BACHELOR’S DEGREE IN COMPUTER SCIENCE, ENGINEERING OR A RELATED FIELD OF STUDY; OR EQUIVALENT EDUCATION, TRAINING & EXPERIENCE.
  • EXPERIENCE — FIVE OR MORE YEARS OF CURRENT AND HANDS ON INFORMATION TECHNOLOGY EXPERIENCE PROTECTING ELECTRONIC AND INFORMATION BASED ASSETS. MUST HAVE SIGNIFICANT EXPERIENCE LEADING PROJECTS/TEAMS. AUDIT/INVESTIGATIONS EXPERIENCE IS HIGHLY DESIRED. OPERATING PLANT EXPERIENCE IS HIGHLY DESIRED.
  • CERTIFICATION/LICENSE, ETC — CISSP, CISM, CISA, CPP, OR EQUIVALENT PREFERRED.
  • KNOWLEDGE/SKILLS/ABILITIES — DEMONSTRATED MANAGERIAL COMPETENCIES IN LEADERSHIP, DELEGATION, ANALYSIS, TEAMWORK, COACHING/DEVELOPMENT, CUSTOMER SERVICE, PLANNING/ORGANIZING, FLEXIBILITY, STRESS TOLERANCE, COMMUNICATION. DEMONSTRATED STRATEGIC AND TACTICAL IT PLANNING. BROAD KNOWLEDGE OF BUSINESS FUNCTIONS AND RELATED EIT SECURITY NEEDS. MUST STAY FAMILIAR WITH FEDERAL LAWS, REGULATIONS, AND INDUSTRY BEST PRACTICES FOR EIT SECURITY STRATEGIES AND TECHNOLOGY. KNOWLEDGE OF IT OPERATIONAL INFRASTRUCTURE INCLUDING DISASTER RECOVERY/BACKUP, DATA MANAGEMENT, AND ABILITY TO DEVELOP/ENSURE SECURITY MEASURES/PROCESSES ARE IMPLEMENTED. EXCELLENT ABILITY TO RESEARCH, EVALUATE AND RECOMMEND TECHNICAL SOLUTIONS. ABILITY TO DEVELOP PLANS AND EXECUTE COMPLEX EFFORTS INVOLVING APPLICATION OF ADVANCED TECHNOLOGICAL KNOWLEDGE. MUST DEMONSTRATE TACT AND EFFECTIVE JUDGMENT DEALING WITH CONFIDENTIAL/SENSITIVE MATERIAL. ABILITY TO OBTAIN AND MAINTAIN SECRET SECURITY CLEARANCE REQUIRED. CANDIDATE MAY BE REQUIRED TO OBTAIN AND MAINTAIN A SECURITY CLEARANCE BASED ON POSITION / ACCESS REQUIREMENTS AND ESSENTIAL JOB FUNCTIONS.
Job Details:
• Previous work experience in the cyber security field.
• Superior written and oral communication skills.
• Strong understanding of TCP/IP communication and network topologies.
• Vulnerability analysis and remediation using automated tools.
• Extreme attention to detail, with emphasis on accuracy.
• Bachelor’s degree in a computer-related field of study or 2+ years of related work experience.
illustration information architecture

DATA/INFORMATION ARCHITECT in COLUMBIA, SC

 

 Please send your updated resume with rates expected for this position
Position Title
DATA/INFORMATION Architect
Position Id
6414-1
Agency
Department of Administration
Duration
5 Months +
Work Location
4430 BROAD RIVER ROAD, COLUMBIA, SC 29210

SCOPE OF THE PROJECT:

Will work as an Information Security Architect/Engineer in the Division of Information Security and assist with the implementation, integration and operationalizing advanced security technologies. Develop operational plans for integrating and implementing security technologies within existing division and agency infrastructure and operational processes. Develop full life cycle processes and procedures along with repeatable guides for standard implementation and assist agencies as needed to incorporate systems.

DAILY DUTIES / RESPONSIBILITIES:

Information Security architecting, engineering and operations. This is a full information security to include, systems, network and procedural.
Work with existing staff to architect and deploy advanced information security systems in a highly complex distributed enterprise environment.
Develop installation, configuration, and operational process/procedure documentation to enable Division of Technology and Agencies to install and operate approved security solution.
Work with Security Operations Center to identify enhanced data collection and correlation capabilities in existing data and gaps in data collection/analysis architecture, systems and procedures.
Identify and develop solutions for preventing, detecting and mitigating risks to information and information systems.
Conduct training as necessary to division and agency personnel on security processes, procedures and methodologies to ensure security event information is properly identified, correlated, documented and mitigated in accordance with department standards.

REQUIRED EDUCATION:
Bachelor’s degree or 8 to 10 years’ experience.

PREFERRED CERTIFICATIONS:
CISSP, CEH, MCSE, CCSP

Category
Name
Last Used
Last Used by Candidate (Year)
Experience
Candidate Exp. (in years)
Network Security
information security principles and practices
Currently Using
6 + Years
Network Security
IT Security
Currently Using
6 + Years
Network Security
Security Information Architecture
Currently Using
6 + Years
Network Security
Application Security
Within 1 Year
6 + Years
Network Security
risk/vulnerability assessments
Within 10 Years
6 + Years
Network Security
Role Based Access Control (RBAC)
Within 1 Year
6 + Years
Network Security
Security Information Event Management (SIEM) systems development / configuration
Within 1 Year
6 + Years
Networking & Directories
Access control logging and reporting systems
Currently Using
6 + Years
Networking & Directories
Experience with UNIX, Windows, Linux, MacOS, Cisco, Juniper, web apps, databases, strong authentication, operating systems and network security protocols and procedures.
Currently Using
6 + Years
Networking & Directories
Information Security
Currently Using
6 + Years
Networking & Directories
Network security
Currently Using
6 + Years
Networking & Directories
data discovery and data loss prevention (DLP)
Within 1 Year
6 + Years
Networking & Directories
Identity Access Management (IAM)
Within 1 Year
6 + Years
Networking & Directories
privileged user management (PUM)
Within 1 Year
6 + Years
Specialties
Event Handling
Within 1 Year
6 + Years
Specialties
IBM
Within 1 Year
6 + Years
REQUIRED SKILLS (RANK IN ORDER OF IMPORTANCE):
Cyber Awareness and understanding
Expert understanding of information, computer and network security. Its operation, engineering, and architecture.
Experience with UNIX, Windows, Linux, MacOS, Cisco, Juniper, web apps, databases, strong authentication, operating systems and network security protocols and procedures.
Expert understanding of access control logging and reporting systems.PREFERRED SKILLS (RANK IN ORDER OF IMPORTANCE):

  • Identity Access Management (IAM)
  • Role Based Access Controls (RBAC)
  • Privileged User Management (PUM)
  • Data Loss Prevention (DLP)
  • Security Information Event Management (SIEM) systems
  • Vulnerability Assessment (VA)
  • Applications Security (AppSec)
  • User metadata and Information Security event collection, logging and correlation
  • McAfee e-Policy Orchestrator (ePO) / DoD HBSS
  • Tenable Security Center / Nessus
  • IBM AppScan.

LogRhythm | Technical Alliances Engineer – Boulder, CO

This position will expose you to the ever growing field of technology companies within network security. There is a clear growth opportunity to gain experience working with an established, in demand security software company that is partnering with other top tier security vendors. As LogRhythm continues to grow, this position will play a critical role in enhancing our customer base through developing successful alliances within the security ecosystem.

This team is positioning our Security Intelligence Platform with the top technology partners to showcase specific use cases that will help support common customers. The business development team works with our alliance partners in a number of ways including addressing a complex and evolving security landscape, meeting compliance requirements and achieving greater operational efficiency. I’ve included the web page for our partner page which provides more detailed information: https://logrhythm.com/partners/

If you’re interested in learning more please let me know and we can set aside some time to talk. Otherwise please feel free to forward within your network to anyone that might have interest.

Cyber Threat Analyst in NEWARK, Delaware

Cyber Threat Analyst in NEWARK, Delaware

JOB Description:-
Title:                                                  Cyber Threat Analyst I (58054-1)
Location:                                           NEWARK, Delaware 19711
Duration:                                           6 Month
Visa-                                                   US citizen and GC only.
Comments :
****SHIFT WORK – ONLY THOSE CANDIDATES  REPLY WHO ARE INTERESTED IN 12-hour Shift work on the AM shift from 1AM-1PM on a 2-3-2 (Every other weekend off) schedule *****
Job Description:  
  • TAC Information Security Analyst (Must be a US Citizen)
    The Tier I Information Security Analyst is responsible for executing day-to-day tasks in the Security Operations Center 24×7. These tasks include: answering the NASS security support hotline, monitoring the NASS security support mailbox, creating tickets for client requests, monitoring and responding to Instant Messaging applications, and executing a variety of scripted actions on timed intervals. This position will also act as Tier I support for several endpoint services.
Basic Requirements:
  • Eyes on glass monitoring and resolution of security incidents within established customer Service Level Agreements.
  • Perform daily operational ‘eyes on glass’ real-time monitoring and analysis of security events from multiple sources including but not limited to events from Security Information Monitoring tools, network and host based intrusion detection systems, firewall logs, system logs (Unix & Windows), mainframes, midrange, applications and databases.
  • Monitors and analyzes attempted efforts to compromise security protocols.
  • Identifies and investigates activities and conducts and provides analyses regarding results.
  • Escalates issues to higher level associates.
  • Reviews computer logs and messages to identify and report possible violations of security.
  • Coordinates, documents, and reports on internal investigations of security violations.
  • Interacts with customers to understand their security needs; assists in the development and implementation of procedures to accommodate them.
  • Writes security status reports to provide system status, report potential and actual security violations and provide procedural recommendations.
Basic Qualifications: 
  • Bachelor’s degree or equivalent combination of education and experience in Information Security is required.
  • Zero or more years of experience in information systems security.
  • Experience working with operating systems.
  • Experience working with domain structures and digital signatures.
  • Experience working with computer desktop packages such as Microsoft Word, Excel, etc.
  • Communication skills to interact with team members, management, and support personnel.
  • Analytical and problem solving skills for design, creation and testing of security systems.
  • Ability to work independently and as part of a team.
Cyber Threat Analyst in NEWARK, Delaware

NCDOT – Info Security Specialist- 3C North Carolina

22ndstaffing.com

Work Location:                                                                   4101 Capital Blvd, Raleigh NC 27604
Interview Type:                                                                  Either Phone or In Person
Short Description:
Contract resource with senior Information Security Analyst skillset, with focus on Identity and Access Management (I&AM), risk analysis, and information security policy, standards and procedure development.
Complete Description:
The Department of Transportation is seeking a short-term contractor to implement and maintain information security best practices within the NCDOT environment related to Identity and Access Management (I&AM) as well as other information security risk assessments, analysis and consultation for various IT systems.  Identity and Access Management (I&AM) is responsible for designing, developing and supporting a suite of agency wide shared services that primarily focus on identity, authentication, authorization, request management, provisioning, and certification.  The staff is part of the IT Information Security Office (ISO), with end-to-end responsibility for the agency-wide information security policy and standards.  The candidate should be an information security analyst with extensive information security operational experience, that also understands enterprise architecture, policy, standards and procedure and can consult with support, implementation and architecture teams.
Responsibilities will include:
  • Working with project & team managers and stakeholders to produce high quality and detailed identity and access management business requirements as they related to information security
  • Develop and enforce policies for identity and access management (I&AM) team for claims based authentication
  • Define the information security policy, standards and process/procedures as required for utilizing an identity management system including:  role mining, attestation, account provisioning, cloud/federated access provisioning, and others.
  • Develop  security policies and procedures for Roles Based Access Controls in claims based architecture
  • Develop security policies and procedures for claims based architecture for Active Directory and Sharepoint
  • Actively participate in assessment, planning, architecture, and design activities
  • Design, document, and implement security controls for Identity and Access Management
  • BizTalk, UDDI, web services, and claims based authentication experience
  • Design, document, and put security governance in place for external claims based authentication
The position will be responsible for documentation of security standards, security patterns, processes and procedures related to securing of web services and interoperability of all systems for the 3C and Data Services project.  The individual will educate application development teams on those standards and processes from an information security perspective.
Questions:
Questions
Questions
Answers
Question 1
Absences greater than two weeks MUST be approved by CAI management in advance, and contact information must be provided to CAI so that the resource can be reached during his or her absence. The Client has the right to dismiss the resource if he or she does not return to work by the agreed upon date. Do you accept this requirement?
Question 2
All work must be completed on site. Do you accept this requirement?
Question 3
Please list candidate’s email address HERE that will be used when submitting E-RTR.
Question 4
Please indicate how soon this candidate is available to start work. Vendors are encouraged to submit candidates that are available for the duration of the assignment.
Question 5
Vendor must disclose to the agency if the candidate will be subcontracted at the time of submission. Do you accept this requirement?
Question 6
Vendor must notify the agency if any portion of the requirements listed in this task order are to be outsourced to other countries. Do you accept this requirement?
Question 7
This role is not new to the Department. There has been someone working in the role in the past. However, this is a new requirement for those services and it is open for competition.