Job Information
Fusion Technology LLC Security Controls Assessor in Washington, District Of Columbia
Who are you?
Trusted Employee: The Government trusts you and so do we. You possess an active Public Trust security clearance (Or are able to obtain a Public Trust clearance). You must also be able to obtain Department of Homeland Security (DHS) suitability.
U.S. citizenship is a requirement for this position.
Knowledgeable: You have 7+ years of experience as a proven IT Assessments.
Field Certified: You are a go-getter and an excellent test taker. You earned and maintain the following certifications:
Certified Information Systems Security Professional (CISSP) or ISACA's Certified Information Security Manager (CISM)
Certified Analytics Professional (CAP) or CompTIA Advanced Security Practitioner (CASP+)
What we do:
The U.S. Department of Homeland Security (DHS) Science & Technology Directorate (S&T) Office of the Chief Information Officer (OCIO) focuses on providing the tools, technologies, and knowledge products for the nation’s Homeland Security Enterprise. S&T strives to enable effective, efficient, and secure operations across all homeland security missions by applying scientific, engineering, analytics, and innovative approaches to deliver timely solutions in support of DHS's mission.
What you’ll do:
Some of the services you will provide will include the following:
Implementing an IT Security Review and Assistance Program to aid the ISSOs in authoring security assessment and authorization documentation.
Scheduling IT security review and assistance visits and ensuring these visits are completed and participating in review and assistance visits.
Coordinating with ISSOs and providing guidance and oversight in identifying and documenting deficiencies and prioritizing them based on the mission, risk, and funding.
Evaluating configurations and implementation of firewalls, proxy servers, routers, Virtual Private Networks (VPNs), Intrusion Detection System (IDS), wireless networks, etc. against legal requirements, departmental/local policy, industry best practices and vendor recommendations.
Conducting vulnerability assessments and penetration testing for all IT systems, with the assessment/testing level to be based on each system’s status within the security assessment and authorization cycle and authority to operate status. Analyze systems for potential vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational weaknesses. Respond to vulnerability issues within 5 Calendar days of occurrence. Present any security issues that are found to the system owner with an assessment of their impact and a recommendation for mitigation or technical solution.
Providing penetration testing and ethical hacking services in network, wireless and web application environments; these shall include Social Engineering (including but not limited to the ability to perform Phishing and Spear Phishing); these services should be performed following a documented and standardized methodology. The goals and objectives for each exercise will be determined by the S&T CISO. • Performing static code reviews as required, based on a given system’s status within the security assessment and authorization cycle, authority to operate status, and estimated risk profile. Static code review includes analyzing systems for potential vulnerabilities that may result from improper system configuration, hardware or software flaws, or operational weaknesses. The Contractor shall also perform static code analysis on software developed in-house and by contracted developers. The Contractor shall present any security issues that are found to the ISSO, Compliance Officer, system owner, authorizing official, and the S&T CISO along with an impact assessment and a recommendation for mitigation and technical solution.
Ensuring coordination among the DHS Security Operations Center and the Information Security Vulnerability Management Program when vulnerability assessments cross multiple Component responsibilities.
Ensuring DHS encryption policy is implemented and enforced and advising project managers on the implementation of DHS encryption standards.
Who is Fusion Technology?
Fusion Technology is a performance-driven HUBZone Small Business concern residing in the heart of the beautiful mountainsides of West Virginia, steps away from the Federal Bureau of Investigation's Criminal Justice Information Services Division's Headquarters. Founded in 2007 by an Engineer-by-trade, Fusion Technology dedicates our valuable resources to providing comprehensive IT services and solutions to mission-critical US Government programs and the Intel Community.
What matters to you matters to us.
Fusion Technology values its employees and works hard to ensure proper care for them and their families. We desire to compensate employees in a competitive, motivational, fair, and equitable way with other employers in the marketplace. Salary is only one component of employee compensation but an integral part of recruiting and retaining qualified employees. However, at Fusion Technology, we take a comprehensive approach and consider each employee's needs to tailor a compensation plan that provides financial security and peace of mind. Our competitive package includes a best-in-class matching 401K program, comprehensive Cigna healthcare plan, a competitive employer contribution to a health savings account, vision and dental plans, life insurance, short- and long-term disability, and personal leave, in addition to paid certifications and training.
Fusion Technology LLC is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills, and experiences within our workforce. Qualified applicants will receive consideration for employment without regard to sex, race, ethnicity, age, national origin, citizenship, religion, physical or mental disability, medical condition, genetic information, pregnancy, family structure, marital status, ancestry, domestic partner status, sexual orientation, gender identity or expression, veteran or military status, or any other basis prohibited by law.
Powered by JazzHR