Job Description :
Purpose of the Job Assists with development of information security policies; ensures policies are applied and maintained for computer network components including: routers, modem banks, remote access, firewalls, content filtering, web servers, telephone switches, and servers running operating systems; provides reports for the information security program. Requirements: 10 years of experience in computer technology and/or information systems 5 years of experience in information security Required Job Skills Experience with ISO 27002, 27002/BS7799 and COBIT Intermediate knowledge of Microsoft Applications and Suites, Windows Server, and Microsoft SQL databases. Knowledge of Microsoft SharePoint and its security levels. Preferred Certifications - any of the following Certified Cisco Network Administrator (CCNA) or Accredited Configuration Engineer (ACE) or Microsoft Certified Systems Engineer (MCSE) or Red Hat Certified Systems Administrator (RHCSA) Certified Information Systems Security Professional (CISSP) Systems Security Certified Practitioner (SSCP) Certified Ethical Hacker (CEH) Certified Information System Auditor (CISA) GIAC Security Expert (GSE) Certified Forensics Examiner (CFE) Qualified applicant resumes must demonstrate past experience in most of the following activities: Utilize security administration documentation and processes. Evaluate security risk assessments of new systems and upgrades to determine impact to information security. Assist workforce members with security-related questions or problems. Maintain user profiles for all Information Security Services-controlled applications/systems. Coordinate access control and special access requests. Review and analyze violation reporting with follow-up as necessary. Review and analyze security requests as needed for potential conflicts involving segregation of duties. Participate in small-scale projects, including quality and corporate task teams Monitor anti-virus and anti-malware systems, secure email bypass notifications, and users'' Internet access. Perform basic Metavance security operations. Maintain integrated security solutions (IDS, SIEM, DLP) and develop system security plans according to federal guidelines Research and evaluate security products to procure best-of-breed technology and test security systems performance. Develop and perform "penetration” efforts to test network vulnerability to intrusion by hostile individuals or groups. Investigate, document, and report any actual or potential information security violations, incidents, breeches or inappropriate computer use Support the development and implementation of a security awareness and virus management program Assist management with establishing, reviewing and maintaining information security policies and procedures; participate in ensuring security compliance with agency regulatory requirements. Participate in production roll outs and ensure systems are promoted securely. Coordinate with and provide guidance to the firewall team during firewall meetings. Monitor and release secure email bypass notifications. Perform basic Metavance security operations. Execute the Business Associate Risk Assessment (BARA) methodology. Weigh business needs against security concerns and articulate issues to management. Provide subject matter expertise to business and project teams to define security policy and technical requirements. Assist workforce members with security related questions or problems. Identify opportunities to improve procedures and processes that support the adoption of electronic capabilities Ensure department leverages internal tools and applications to ensure document libraries and procedures are organized Participate or lead small to medium scoped projects Participate in on-site business associate security assessments that may require travel. Educate workforce members on security practices through individual training, Intranet articles, etc. Facilitate and/or create new procedures and processes that support advancing technologies or capabilities. Evaluate high-level project information and assess project components to forecast work effort required