Information Assurance (IT Security Specialist) Level III

VariQ

(United States)
Full Time
Job Posting Details
About VariQ
VariQ is an information security and information technology services company delivering strategic solutions to technology-enabled enterprises. Core competencies include Cyber Security, IT Infrastructure support, and Program Management. VariQ is a Microsoft Gold Partner and a Symantec Platinum Partner.
Summary
The Information Assurance/IT Security Specialist will provide support management on the OBIM contract by planning, coordinating, and implementing information security needs including but not limited to: identifying current security infrastructure, defining future programs, and designing, developing and implementing Systems Security and Assessments (SS&A) for DHS IT Systems.
Responsibilities
* Provide program level security management and engineering support across ITD Program areas in support of the OBIM mission, utilizing the Information Assurance Compliance Systems (IACS), Xacta Information Assurance Manager, and DHS Cyber Security
* Provide Information Security Management, Operations and Engineering support, Certification and Accreditation support (C&A), support audits (IG and GAO), Deep Dive - Critical Control Review (CCRs) and Security Configuration Readiness Assessment (SCRAs), and Management of Plans of Action and Milestones (POAMs).
* Perform risk analyses, risk assessment, and information security planning. Perform server hardening and utilize contingency planning.
* Oversee the security staff daily to design, develop, engineer and implement solutions to security requirements.
* Serve as Information System Security Officer (ISSO). Perform security evaluations, prototypes and reporting on tools in assessment process.
* Monitor, report, remediate and ensure compliance according to the Federal Information Systems Management Act (FISMA) including vulnerability scans, patch management, security integration and incident handling procedures.
* Identify POA&M items, Security Education, Training and Awareness. Finalize Authority to Operate (ATO) packages, and address System Change Requests (SCRs).
* Track, document and report the Annual Information Assurance Awareness Training Compliance, and create a Security Controls/Requirement Catalog.
* Analyze, define, plan, design and develop guidance for the areas of Network and Systems Lifecycle Security, Data Security, Identification, Authentication, Authorization, and Non-Repudiation, Security Event/Incident Monitoring, and Response, Emerging technologies and tool assessment, and Change Management and Security Configuration Guidance.
* Align the controls both hierarchically at the enterprise or component level (common and general support system) and application level.
* Attend security conferences as required.
* Ensure that updates are made to the Target Architecture from a security perspective including supporting and interacting with NIST and DHS level guidance.
* Support and maintain Security Operations to include support and manage public key infrastructure registration activities, firewall change requests, PICs requests, data center scanning requests, and DHS data centers server account requests.
* Develop Interconnection Security Agreements (ISAs).
Ideal Candidate
* Knowledge of POA & M's, C&A, NIST and FISMA;
* Understanding of business security practices and procedures;
* Knowledge of current security tools available;
* Hardware/software security implementation;
* Different communication protocols;
* Encryption techniques/tools;
* Familiarity with commercial products, and current Internet/EC technology.
* Industry Standard Certification (CISSP, GSLC, CISM, CISA, CAP, CISM, CEH, GCIH)
