Job Description

Job Details

Richmond, VA

None

Description

Position Description

This position is responsible for understanding the best practices and regulatory environment for IT security and privacy and how to practically implement those items.In addition, the candidate is responsible for verifying current security posture and working with system owners to remediate vulnerabilities, ensure regulatory and policy compliance.

Key Responsibilities:

• Security Requirements: Design and implement security measures for the protection of computer systems, networks and information.
  
  
  
  • Identify, define and communicate information security requirements
  
  
  • Prepare and document standard security procedures and processes as well as technology specific security baselines
  
  
  • Consult and advise system owners on the best methods for meeting information security requirements and remediated identified vulnerabilities
  
  
  • Define system policies for systems users
  
  


• Security Engineering:
  
  
  
  • Plan, design, build, integrate and maintain security infrastructure tools and systems
  
  
  • Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
  
  
  • Lead response to security events and incidents as outlined in the UNOS Incident Response Guide
  
  
  • Define network systems security requirements and specifications
  
  
  • Lead the development and implementation of information security procedures
  
  
  • Evaluate network system design and configuration for security
  
  
  • Develop recommendations for systems security upgrades and improvements
  
  
  • Evaluate the impact of security configuration on system design and performance
  
  
  • Define application security standards and polices for users and developers
  
  
  • Evaluate web application design and servers for security compliance
  
  
  • Evaluate technology and usage trends for impact on security
  
  
  • Develop recommendations for systems security upgrades and improvements
  
  
  • Evaluate systems design and configuration for security
  
  
  • Monitor, report, and remediate security vulnerabilities
  
  
  • Perform network security audits, analyze results and make recommendations for remediation
  
  
  • Mentor junior staff and offer guidance on information security practices and processes
  
  
  • Assist with maintaining the information security roadmap
  
  
  • Manage medium to large information security projects
  
  
  • Assist with government compliance reporting
  
  

Minimum Requirements

• 5 years of technical experience working in the Information Security fieldrequired

Critical Skills

• Hands-on experience implementing and administering information security systems.


• Ability to analyze systems based on business and technical user stories/requirements in order to design solutions that best meet the overall objectives of stakeholders


• Ability to strategically analyze and articulate risks, benefits and opportunities associated with a proposed design or solution.


• Demonstrated ability to design and implement complex security systems with the goal of meeting business and security objectives


• Demonstrated ability to design modifications to existing systems that improve security without compromising business objectives


• Ability to design complex information security systems that impact multiple domains across Service Operations and Software Engineering


• Ability to review and mentor the work of others in evaluating business objectives, detailing security user stories and generating technical specifications


• Champion information security throughout the organization


• Ability to estimate total costs of proposed solutions, including effort, acquisition costs and on-going costs


• Security Incident Response, Vulnerability Management, SIEM, IAM, PKI and/or Firewall design, implementation and management experience


• Experience working with NIST 800-53

Additional Skills & Qualifications

• Experience in the information technology field


• Experience leading multiple large projects, leading definition, selection and implementation of security tools, technologies and processes


• Experience evaluating potential solutions, selecting and recommending the best solution


• Experience producing design documents that are used by others to effectively implement solutions


• Security certifications a plus (ISC2, ISACA, GIAC, EC-Council, Offensive Security, etc.)

Education

• 4-year Degree in Computer Science/Engineering or equivalent IT Information Security experience

Physical Requirements

• General office demands
  
  
  
  • Prolonged periods of sitting at a desk and working on a computer.
  
  
  • Frequent reaching, handling, and fine manipulation for using office equipment, filing, and managing paperwork.
  
  
  • Manual dexterity sufficient to operate a keyboard, mouse, and other office tools.
  
  
  • Occasional standing, walking, and bending.
  
  
  • Ability to lift up to 10-20 pounds occasionally.
  
  
  • Vision abilities required include close vision for computer work and reading documents.
  
  
  • Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
  
  

Job Tags

Similar Jobs