Tag Archives: security compliance

What is payment card industry PCI data security standard DSS?

I got the chance to talk to a Payment Card Industry (PCI) professional. James is in the PCI IT industry and tells about it from inside the field. It is a great opportunity to learn about this growing career path.

We talked about how the PCI security standard compares to the Risk Management Framework.

Here are some of the resources we talked about:
https://www.pcisecuritystandards.org/pci_security/
https://www.pcicomplianceguide.org/

Enroll to learn MORE on security compliance:
https://securitycompliance.thinkific.com

Security Compliance Engineer opportunity in Page, AZ

U.S. CITIZENSHIP IS REQUIRED

ISYS Technologies is currently hiring a Security Compliance Analyst to support a government customer in Page, Arizona. Job duties will include, but may not be limited to:

Perform IT security assessments and other technical evaluations, develop and implement technical processes and procedures, conduct technical vulnerability assessments, analyze vulnerabilities and develop remediation plans.

Develop and maintain configuration baselines, document and implement continuous diagnostics and monitoring processes, procedures and tools, and develop recommendations for improving the overall CRSP security and compliance posture.

Provide technical assistance in the development, maintenance and implementation of IT compliance requirements.

Provide version control for information, documents, software, hardware, and other services to ensure that users are provided correct and current information.

Provide periodic assistance with completing data calls, analyses, or other requests for information related to IT compliance activities.

Document and assess all available IT security patches for applicability to approximately 141 CRSP IT devices located across the UC Region within 30 calendar days of patch or upgrade availability.

Test, document, install, and verify all security related patches and anti-virus and malware prevention updates on approximately 141 CRSP IT devices.

Document compensating measures to mitigate risk exposure in any case where a security patch is not installed.

Revise CRSP patch, anti-virus, malware-prevention, and vulnerability management processes and procedures.

Train UC personnel on updated CRSP patch, anti-virus, and vulnerability management processes and procedures.

Implement UC job plans for the updated CRSP patch, anti-virus, and vulnerability management processes and procedures.

Perform and document Cyber Vulnerability Assessments on CRSP IT devices, document action plans to mitigate identified vulnerabilities, and track and document the execution status of any required action plans.

Convert system shared accounts on CRSP devices to individual accounts where technically feasible.

Develop a process to ensure that all individual and shared account passwords are changed in accordance with IT security compliance requirements and incorporate that new process into CRSP Access Control procedures.

Identify personnel who had been granted access to embedded accounts but have since been transferred or terminated, and verify that their physical and system-level logical access has been removed.

Ensure that all individual and shared accounts that require password changes are changed in accordance with access control procedures.

Establish, implement and document technical controls to ensure that individual and shared system accounts and authorized access permissions are consistent with the concept of ‘need-to-know’.

Conduct IT security assessments of CRSP systems, following NIST Special Publication 800-53A guidance (current version) in support of the Annual Assurance Statement.

Document comprehensive security assessment results that include a full description of the weaknesses and deficiencies discovered during an assessment, the potential for compromise, weakness impact and specific recommendations to remediate any findings. Security assessment results must be documented in the Cyber Security Assessment Management (CSAM) system.

Provide IT security expertise related to incident response, contingency plans, risk assessments and security impact analyses.

Monitor, track and update Plan of Action and Milestones (POA&Ms) within CSAM.

Develop and implement POA&M remediation schedules.

Document Weakness Completion Verification Forms (WCVF) for POA&Ms for planned Risk Acceptance and/or closure due to remediation.

Minimum Qualifications

Minimum of 5 years' experience and knowledge of: Security Patch and Vulnerability Management; Cyber Vulnerability Assessments on CRSP IT devices; NIST Special Publication 800-53A.

Knowledge of ICS technology components (Remote Terminal Units (RTUs), Programmable Logic Controllers (PLCs), relays, sensors, switches, etc.), protocols (TCP/IP, DNS, Modbus, Profibus, Common Industrial Protocol, etc.) and ICS systems (Supervisory Control and Data Acquisition (SCADA), Physical Access Control Systems (PACS)).

Knowledge and experience in planning, developing, implementing, and executing IT services to support the planning, development, implementation, and execution of UCPO NERC-CIP v3 and v5 and FISMA IT security compliance activities.

Operational experience with CRSP operating systems and device types to include: 65 SEL 3021 encryption devices; 2 AIX 4.3.3 FEPs; 9 Solaris 8 servers; 2 Windows 2000 servers; 1 Windows 2000 workstation; 4 Windows XP workstations; 11 Windows 7 workstations; 5 Windows 2008 R2 servers; 2 RedHat servers; 10 Cisco switches; 6 Cisco routers; 1 Cisco PIX; 1 HP printer; 5 Lenel LNL-3300 boards; 2 Pelco DVRs; and 12 GE D20 RTUs.

Security patching and vulnerability management experience to include performing assessment, testing, installation and documentation for security patch upgrades and anti-virus/malware-prevention.

Experience conducting technical vulnerability assessments, analyzing vulnerabilities and developing, documenting and tracking remediation plans.

Knowledge of network security architecture concepts including topology, protocols, components and principles (e.g. application of Defense-in-Depth).

Experience conducting and documenting IT security control assessments that adhere to NIST Special Publication 800-53A guidance (current version).

Extensive experience in completing IT security and compliance standards, plans, processes, procedures, training materials, and templates for organization-wide use.

Government contracting knowledge and experience.

Knowledge and expertise in applying industry-endorsed best practices, and IT security and compliance frameworks/principles to include relevant certifications.

Ability to work with a range of customers or users and technical personnel in a professional and courteous manner on technical and non-technical issues.

ISYS Technologies is an Engineering and Information Technology Company focused on providing Services to the Federal and State Government. ISYS offers a competitive compensation program and comprehensive benefits package to our employees including Health/Dental/Vision/PTO/OT Bonus and more. ISYS Technologies is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or status as a protected veteran.

Recruiting Manager/Account Manager: ISYS Technologies

801 W. Mineral Ave #105, Littleton, CO 80120

7222 Commerce Center Drive, #108, Colorado Springs, CO 80919

Primary: 303-290-8922
