Offer summary

Qualifications:

At least 5 years of experience in IT security concepts and methodologies., Proficiency in verbal and written communication, project management, and handling multiple tasks., Knowledge of NIST guidance and federal IT security policies., Relevant certifications such as CISSP, CISA, or CEH are required..

Key responsabilities:

Analyze and recommend security measures for information systems.

Conduct penetration testing and assessments of Federal Information Systems.

Lead and direct the work of others while reporting to project leaders or managers.

Adjust to changing priorities and work in a team-oriented environment.

Job description

This is a remote position.

Job Title: IT Security Specialist – Pen Tester

Location: Washington, DC.

Duration: Full-Time.

Description: Analyzes information security systems and applications and recommends and develops security measures to protect information against unauthorized modification or loss. Familiar with a variety of the field's concepts, practices, and procedures. Relies on experience and judgment to plan and accomplish goals. Performs a variety of complicated tasks. May lead and direct the work of others. Typically reports to a project leader or manager. A wide degree of creativity and latitude is expected.

Skills:

Proficiency in verbal and written communications.

Proficiency in interview skills

Proficiency in interpersonal skills.

Proficiency in handling multiple tasks concurrently.

Proficiency in project and time management.

Ability to adjust to changing priorities.

Ability to work in a cohesive team-oriented environment.

Requirements:

Knowledge of DOC, NOAA, and NWS IT security policies and implementation standards or those of similar sized organizations AND comprehensive understanding of NIST guidance to include, but not limited to, NIST Special Publications and Federal Information Processing Standards.

At least 5 years of recent experience (within the last 6 years) in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools

At least 5 years of recent experience (within the last 6 years) with enterprise architecture methodologies, concepts, procedures, principles, and tools

At least 5 years of recent experience (within the last 6 years) in contingency planning and backup and recovery best practices and application of NIST guidance in this area

At least 5 years of recent experience (within the last 6 years) in using technical testing tools (Tenable Security Center, ArcSight, IBM Big Fix, etc.)

At least 5 years of recent experience (within the last 6 years) in conducting penetration testing or the ability to bring in a penetration tester when required

At least 5 years of performing assessments of Federal Information Systems using the Risk Management Framework

Certification:

Information System Security Training for Significant Roles for a Certification Agent/Security Controls Assessor: Certified Information Systems Security Professional (CISSP)

Certified Information Systems Auditor (CISA)

GIAC Systems and Network Auditor (GSNA)

Electronic Commerce Council Certified Ethical Hacker (CEH)

ISC2 Certified in Governance, Risk and Compliance (CGRC)

Security Certified Network Professional (SCNP)

Security Certified Network Architect (SCNA)

If the contractor’s employee(s) does not possess one of the aforementioned certifications, they must provide documentation that they have already taken training and they must pass the exam within six months of joining the contract.

Security Clearance:

Successful completion of background investigation without any adverse findings are required. Knowledge of and experience with the technical and administrative information system security requirements for high impact, high availability systems in government organizations is required.

Salary:

110000 to 120000

Required profile