T
Info Security Analyst IV (STIG Compliance/Vulnerability Management SME)
Salary undisclosed
Apply on
Original
Simplified
Description:
A government integrator has an opportunity for a STIG Compliance/Vulnerability Management Subject Matter Expert (SME) to work on the NOAA contract. The position can be based in either Fairmont, WV or Boulder, CO.
This position is part of the NOAA Cyber Security Center (NCSC) Security Operations Center (SOC) that executes 24x7 cybersecurity monitoring and incident response for NOAA networks. The STIG Compliance/Vulnerability Management Subject Matter Expert (SME) will work on the ISSO team to help manage the Vulnerability Management plan as well as institute a STIG compliance program. Additionally, as part of the Information Assurance team, develops assessment and validation strategies to ensure compliance. As STIG Compliance/Vulnerability Management SME be capable of understanding a multitude of different technologies, including but not limited to, Windows (workstations and desktops), Linux, Juniper, Cisco, appliances like iDrac, and other applications. Additionally, they need to not only be able to use Tenable/ ACAS, but also should be familiar with EvaluateSTIG, Compliance Viewer and other tools.
As the STIG Compliance/Vulnerability Management SME, you will work either independently or as part of a team to achieve critical mission objectives, ensuring smooth operations for the customer.
What Will You Do
Evaluate security risks on systems
Evaluate STIG compliance
Execute and manage the NCSC Vulnerability Management Plan
Create and maintain compliance scan policies
Maintain a master asset list
Troubleshoot scan issues and coordinate with appropriate team members
Continuously research emerging threats to the environment in order to disseminate the information to all stakeholders, immediately assess the known environment for presence of the vulnerability, and work with the SOC and SE&O to protect the NOAA environment
Ensure system compliance against federal, DOC, NOAA policies
Identify & document all non-compliant areas
Support Assessment and Authorization activities
Conduct, operate, and maintain vulnerability/compliance assessments and the resulting data and reports
Author and maintain SOPs and runbooks
Other duties as assigned
Job Qualifications
Bachelor's degree in Information Technology, Cybersecurity, or related field with 8 or more years of STIG Compliance/Vulnerability Management experience to including implementing and evaluating STIG controls and security baselines; additional years of experience required in lieu of a Bachelor's degree.
Significant experience with NIST Cybersecurity Framework and/or risk management within the Intelligence Community.
2+ years of project management experience.
Experience being part of a high performing A&A teams and adapting standards to create "best practices".
Demonstrate knowledge of ports and protocols
Demonstrate knowledge of DISA STIGs and related tools
Possess the knowledge of security best practices, security solutions, and methodologies for risk management per NIST Cybersecurity Framework guidelines.
Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
Familiar with the management, operational, and technical aspects of IT Security in a complex environment.
Clearance Requirement
An active DoD Top Secret clearance
Skills:
Splunk, Security, Risk management, Information security, Cyber security, Risk assessment, Risk analysis, security policy, security technology, security clearance, Siem, security operations, incident response, port security, security infrastructure, security vulnerability
Top Skills Details:
Splunk, Security, Risk management, Information security, Cyber security, Risk assessment, Risk analysis, security policy, security technology, security clearance
Additional Skills & Qualifications:
Splunk experience is a huge benefit for this role
Experience Level:
Expert Level
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
A government integrator has an opportunity for a STIG Compliance/Vulnerability Management Subject Matter Expert (SME) to work on the NOAA contract. The position can be based in either Fairmont, WV or Boulder, CO.
This position is part of the NOAA Cyber Security Center (NCSC) Security Operations Center (SOC) that executes 24x7 cybersecurity monitoring and incident response for NOAA networks. The STIG Compliance/Vulnerability Management Subject Matter Expert (SME) will work on the ISSO team to help manage the Vulnerability Management plan as well as institute a STIG compliance program. Additionally, as part of the Information Assurance team, develops assessment and validation strategies to ensure compliance. As STIG Compliance/Vulnerability Management SME be capable of understanding a multitude of different technologies, including but not limited to, Windows (workstations and desktops), Linux, Juniper, Cisco, appliances like iDrac, and other applications. Additionally, they need to not only be able to use Tenable/ ACAS, but also should be familiar with EvaluateSTIG, Compliance Viewer and other tools.
As the STIG Compliance/Vulnerability Management SME, you will work either independently or as part of a team to achieve critical mission objectives, ensuring smooth operations for the customer.
What Will You Do
Evaluate security risks on systems
Evaluate STIG compliance
Execute and manage the NCSC Vulnerability Management Plan
Create and maintain compliance scan policies
Maintain a master asset list
Troubleshoot scan issues and coordinate with appropriate team members
Continuously research emerging threats to the environment in order to disseminate the information to all stakeholders, immediately assess the known environment for presence of the vulnerability, and work with the SOC and SE&O to protect the NOAA environment
Ensure system compliance against federal, DOC, NOAA policies
Identify & document all non-compliant areas
Support Assessment and Authorization activities
Conduct, operate, and maintain vulnerability/compliance assessments and the resulting data and reports
Author and maintain SOPs and runbooks
Other duties as assigned
Job Qualifications
Bachelor's degree in Information Technology, Cybersecurity, or related field with 8 or more years of STIG Compliance/Vulnerability Management experience to including implementing and evaluating STIG controls and security baselines; additional years of experience required in lieu of a Bachelor's degree.
Significant experience with NIST Cybersecurity Framework and/or risk management within the Intelligence Community.
2+ years of project management experience.
Experience being part of a high performing A&A teams and adapting standards to create "best practices".
Demonstrate knowledge of ports and protocols
Demonstrate knowledge of DISA STIGs and related tools
Possess the knowledge of security best practices, security solutions, and methodologies for risk management per NIST Cybersecurity Framework guidelines.
Deep technical understanding of core current cybersecurity technologies as well as emerging capabilities.
Familiar with the management, operational, and technical aspects of IT Security in a complex environment.
Clearance Requirement
An active DoD Top Secret clearance
Skills:
Splunk, Security, Risk management, Information security, Cyber security, Risk assessment, Risk analysis, security policy, security technology, security clearance, Siem, security operations, incident response, port security, security infrastructure, security vulnerability
Top Skills Details:
Splunk, Security, Risk management, Information security, Cyber security, Risk assessment, Risk analysis, security policy, security technology, security clearance
Additional Skills & Qualifications:
Splunk experience is a huge benefit for this role
Experience Level:
Expert Level
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms. If eligible, the benefits available for this temporary role may include the following:
- Medical, dental & vision
- Critical Illness, Accident, and Hospital
- 401(k) Retirement Plan - Pre-tax and Roth post-tax contributions available
- Life Insurance (Voluntary Life & AD&D for the employee and dependents)
- Short and long-term disability
- Health Spending Account (HSA)
- Transportation benefits
- Employee Assistance Program
- Time Off/Leave (PTO, Vacation or Sick Leave)
About TEKsystems:
We're partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. That's the power of true partnership. TEKsystems is an Allegis Group company.
The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
Report this job Similar Jobs
