Job Summary: 

• Implement and manage the information systems security program, consistent with policies that support business objectives and requirements.
• Ensure system compliance with security policies, standards, and practices.
• Recommend and direct the implementation of solutions for non-compliant systems.
• Maintain and administer the vulnerability management program to identify security risks and recommend corrective actions by the responsible system managers.
• Assist in developing policies, procedures, and processes that enhance the overall effectiveness of the information security program.
• Work with business and project managers as new projects and processes with IT reliance are designed.
• Identify, record, and recommend remediation to align compliance and risk.
• Monitor and respond to risk alerts generated by security systems in accordance with the incident response plan.
• Facilitate and promote activities to create information systems security awareness within the organization.
• Complete risk assessments to identify critical computing and data assets and ensure they are protected.
• Stay current with the latest cybersecurity threat landscape, IT risk, and compliance tools and technology, and advise IT management of applicability to organizational systems.
• Monitor third-party service providers for compliance with information security policies and procedures.
• Assist with reviews and assessments conducted by internal and external auditors.
• Track open IT audit findings or compliance deficiencies to ensure prompt resolution and risk mitigation.

Skills on Resume: 

• Information Security Management (Hard Skills)
• Policy Compliance (Hard Skills)
• Vulnerability Management (Hard Skills)
• Incident Response (Hard Skills)
• Risk Assessment (Hard Skills)
• Audit Support (Hard Skills)
• Collaboration (Soft Skills)
• Security Awareness Training (Soft Skills)

Job Summary: 

• Function as a qualified Information Assurance Technical (IAT) Level II or Computer Network Defense - Auditor (CND-AU) professional.
• Provide network environment (NE) and advanced-level Computing Environment (CE) support.
• Understand intrusion detection, identify and fix unprotected vulnerabilities, and ensure remote access points are secured.
• Analyze threats and vulnerabilities to improve system security.
• Collect data from a variety of Computer Network Defense (CND) tools, including intrusion detection system alerts, firewall and network traffic logs, and host system logs, to analyze events occurring within the environment.
• Apply analytical skills to collected data and verify compliance with relevant non-technical controls such as physical security and configuration management.
• Perform audit functions for the Agent of the Certification Authority (ACA) or other government Information Assurance (IA) Manager for risk mitigation and reporting, including generating reports for certification and accreditation packages or Certification of Networthiness efforts.
• Assess systems and networks within the Network Environment (NE) or enclave and identify deviations from acceptable configurations, enclave policy, or local policy.
• Perform passive evaluations (compliance audits) and active evaluations (penetration tests and/or vulnerability assessments).

Skills on Resume: 

• Information Assurance (Hard Skills)
• Network Support (Hard Skills)
• Computing Support (Hard Skills)
• Intrusion Detection (Hard Skills)
• Threat Analysis (Hard Skills)
• Compliance Auditing (Hard Skills)
• Audit Reporting (Hard Skills)
• Penetration Testing (Hard Skills)

Job Summary: 

• Provide operational support for information security tool alerts, triaging, and maintenance.
• Execute information security activities, including vulnerability management, disaster recovery, business continuity, and risk management.
• Perform first-level incident response triage.
• Assist with the assessment of security controls and evaluate the security posture of organizational controls.
• Collaborate with IT and business colleagues to enhance the security program.
• Research security trends, new methods, and techniques to preemptively eliminate the possibility of system breaches.
• Serve as Subject Matter Expert (SME) on information security-related projects and assigned initiatives.
• Assist with the development of Cyber Awareness Training.
• Maintain confidentiality on all sensitive security matters.
• Perform risk analyses, including risk assessments.
• Conduct recurring monthly, quarterly, and annual self-security audits and tests.
• Perform proactive scanning of systems, applications, and services to identify security and compliance vulnerabilities.
• Research network products, services, protocols, and standards to remain abreast of developments in the information security industry according to FISMA standards.

Skills on Resume: 

• Security Operations (Hard Skills)
• Vulnerability Management (Hard Skills)
• Incident Response (Hard Skills)
• Security Assessment (Hard Skills)
• Collaboration (Soft Skills)
• Security Research (Hard Skills)
• Awareness Training (Soft Skills)
• Risk Analysis (Hard Skills)

Job Summary: 

• Support Information System Engineering services performed by the Information System Security Engineer (ISSE).
• Identify information protection needs for an IS and Network Environment.
• Define IS and Network Environment security requirements in accordance with applicable cybersecurity requirements.
• Design security architectures for use within the IS and Network Environment.
• Design and develop cybersecurity-enabled products for use within an IS and Network Environment.
• Integrate and implement security with Cross Domain Solutions (CDS) for use within an IS and Network Environment.
• Develop and implement security designs for new or existing network systems.
• Ensure that the design of hardware, operating systems, and software applications adequately addresses cybersecurity requirements for the IS and Network Environment.
• Design, develop, and implement network security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
• Design, develop, and implement specific cybersecurity countermeasures for the IS and Network Environment.
• Develop interface specifications for the IS and Network Environment.
• Develop approaches to mitigate IS and Network Environment vulnerabilities and recommend changes to network or network system components.
• Ensure that network system designs support the incorporation of FBI-directed cybersecurity vulnerability solutions.

Skills on Resume: 

• System Engineering (Hard Skills)
• Security Requirements (Hard Skills)
• Security Architecture (Hard Skills)
• Cybersecurity Development (Hard Skills)
• Cross Domain Solutions (Hard Skills)
• Network Security (Hard Skills)
• Countermeasure Design (Hard Skills)
• Vulnerability Mitigation (Hard Skills)

Job Summary: 

• Serve as the IT Security subject matter expert (SME) in the planning, design, and implementation of enterprise security architecture for technical, operational, and administrative activities.
• Maintain detailed knowledge of the IT security industry, including awareness of new or revised security solutions, improved security processes, and the identification and resolution of vulnerabilities and threat vectors.
• Actively monitor systems and networks for potential intrusions.
• Review logs and reports of all devices, whether under direct control (security tools) or indirect control (workstations, servers, network devices, etc.), interpret the implications of activity, and devise plans for appropriate resolution.
• Lead, conduct, and maintain security risk assessments, identify security vulnerabilities, develop recommendations, document findings, and create remediation plans.
• Manage remediation plans through to closure.
• Act as the escalation point for security incidents.
• Define security standards and incident response plans to detect, respond to, and recover from security incidents using a risk-based methodology.
• Develop and document security policies and procedures, training, and awareness programs.
• Serve as a security expert reviewing and recommending security controls for network, application designs, operating systems, endpoint protection, mobile device implementations, and new or updated applications and services.
• Ensure business and technical requirements are aligned with security policies and implemented within regulatory and compliance frameworks.

Skills on Resume: 

• Security Architecture (Hard Skills)
• Industry Knowledge (Hard Skills)
• Intrusion Monitoring (Hard Skills)
• Log Analysis (Hard Skills)
• Risk Assessment (Hard Skills)
• Remediation Management (Hard Skills)
• Incident Response (Hard Skills)
• Policy Development (Hard Skills)

Job Summary: 

• Serve as and perform the duties of an Alternate Information System Security Officer (ISSO) for one or more FISMA Accredited Information Systems.
• Support and assist lead ISSOs and Alternate ISSOs in daily security responsibilities.
• Assist in system security assessment and authorization activities.
• Maintain system security posture documentation, including asset inventory, compliance status, and remediation tracking.
• Prepare documentation required for annual self-assessments and accreditation reviews.
• Review and assess environment change requests in line with configuration management and asset tracking.
• Update and maintain system documentation to reflect ongoing security operations.
• Provide security configuration expertise to support business operations.
• Ensure implementation of organizational security policies, standards, guidelines, and procedures.
• Assist with monitoring and enforcing compliance with security requirements.
• Support remediation activities related to identified vulnerabilities or weaknesses.
• Contribute to the development of strategies for maintaining a secure information system environment.
• Collaborate with stakeholders to address security control gaps.
• Ensure systems remain compliant with FISMA and related frameworks.

Skills on Resume: 

• Information System Security (Hard Skills)
• Security Assessment (Hard Skills)
• Documentation Management (Hard Skills)
• Configuration Management (Hard Skills)
• Compliance Monitoring (Hard Skills)
• Vulnerability Remediation (Hard Skills)
• Stakeholder Collaboration (Soft Skills)
• Policy Implementation (Hard Skills)

Job Summary: 

• Identify weaknesses and implement preventive actions to reduce the risk of security breaches while ensuring sufficient IT controls are in place.
• Plan and execute IT-related internal audit assignments in alignment with organizational priorities.
• Collaborate with the Internal Audit (IA) team to support broader business-related audit assignments.
• Prepare detailed internal audit reports that clearly present findings, risks, and recommendations.
• Agree on internal audit findings and action plans with relevant business units, ensuring accountability and ownership.
• Review and follow up on the implementation of all previously agreed IT-related audit findings.
• Ensure compliance with security configuration requirements, including HIPAA, HiTrust, and applicable state and federal regulations.
• Lead the development and review of enterprise security documentation, including policies, standards, guidelines, and procedures.
• Administer security toolsets, conduct vulnerability scans, and coordinate with external security vendors and internal IT/Service Delivery teams to define the scope of internal and external vulnerability scans and penetration tests.
• Develop and deliver organization-wide security awareness training programs to strengthen security culture.

Skills on Resume: 

• Risk Mitigation (Hard Skills)
• IT Auditing (Hard Skills)
• Report Preparation (Hard Skills)
• Compliance Management (Hard Skills)
• Policy Development (Hard Skills)
• Vulnerability Management (Hard Skills)
• Vendor Coordination (Soft Skills)
• Awareness Training (Soft Skills)