Description
Description
SAIC is seeking an experienced and proactive expert to join our distinguished Information Assurance/Information Security (InfoSec) team. The ideal candidate will exemplify a results-driven attitude and possess the expertise to oversee and manage multiple complex systems efficiently. This candidate must have a Secret Clearance and be able to get a TS/SCI. Candidates must sit on site in our Arlington VA Location.
Job Responsibilities:
Proactive Problem Solving and Support: Provide expert solutions to complex issues faced by team members and proactively address potential roadblocks.
Team Collaboration and Communication: Facilitate and lead discussions with team members, ensuring clear and effective communication of plans and strategies.
Continuous Monitoring and Auditing: Lead and oversee continuous monitoring efforts, perform comprehensive system audits, and provide advanced risk management insights.
Risk and Compliance Advisory: Offer strategic advisory services on compliance frameworks and develop guidelines for security tools and processes based on industry best practices.
Process Improvement and Documentation: Lead efforts to refine, document, and optimize security processes and procedures, with a focus on efficiency and effectiveness.
Project and Task Management: Manage complex projects and tasks using tools like Azure DevOps (ADO), ensuring timely and successful completion.
Technical Leadership: Provide strategic direction and leadership for security projects, ensuring compliance with policies and alignment with organizational goals.
Security Incident Management: Act as the primary responder for high-severity security incidents, conducting thorough investigations and implementing robust corrective measures.
Vulnerability Management: Lead efforts to identify, assess, and mitigate vulnerabilities in information systems, ensuring proactive security posture.
Access Control Management: Oversee and manage the entire lifecycle of user access controls, ensuring robust authorization and authentication mechanisms are in place.
System Security Engineering: Lead the design and implementation of secure systems and architectures, ensuring alignment with security best practices.
Compliance Audits Preparation: Lead the preparation for and facilitation of external and internal compliance audits, ensuring readiness and adherence to standards.
Policy Development: Develop, update and enforce comprehensive information security policies and procedures, ensuring alignment with organization and regulatory requirements.
Training and Awareness: Design, develop, and conduct advanced security training and awareness programs for staff, fostering a culture of security within the organization.
Threat Intelligence: Lead the monitoring, collection and comprehensive analysis of threat intelligence from multiple, diverse sources. Develop and update risk assessment frameworks to integrate advanced threat intelligence insights.
Qualifications
· Bachelor's degree and five (5) years of related experience, or Master's degree and 3 years' experience.
· Active Secret clearance, with the ability to obtain TS/SCI clearance.
· DoD 8570/8140 IAM Level III certification (CISSP, CISM, CCISO)
· Extensive experience and deep knowledge of DCSA and DAAPM.
· Advanced working knowledge of Risk Management Framework (RMF) and substantial experience creating and overseeing RMF System Security Plans in eMASS.
· In-depth familiarity with NISPOM, NIST 800-53, and ICD 503.
· Advanced experience with security assessment tools such as SCAP Compliance Checker, STIG Viewer, and ACAS/Nessus.
· Expert proficiency in Windows (10/11) and Windows Server (2018/2022) operating systems.
· Thorough understanding of Windows integration into Microsoft Active Directory, PKI, and Group Policies.
· Comprehensive knowledge of Host-Based Security Systems (HBSS).
· Extensive experience with DISA security policies, including STIGs and IAVA.
Skills:
· Exemplary interpersonal and communication skills with the ability to lead and influence stakeholders at all levels.
· Proven ability to operate autonomously and lead complex security projects or functions.
· Strategic vision and capability to ensure a thorough and proactive security posture across the organization.
Desired Experience:
· Advanced experience in implementing security controls for both Windows and Linux Operating Systems.
· Significant experience with the operation and maintenance of a government SIPRNet system.
· Proven ability to adopt a holistic approach to security, ensuring overall security posture and contributing to team success.
Apply on company website
Find Connections via Linkedin
