International Software Systems, Inc.

Information Security Advisor Job at International Software Systems, Inc. in Rock

International Software Systems, Inc., Rockville, MD, United States


Information Security Advisor

Responsibilities

  • This role will be primarily responsible for performing assessments of systems and networks within the network environment to identify where those systems/networks deviate from acceptable configurations or policies, and for measuring the effectiveness of defense-in-depth architecture against known/detected vulnerabilities as per the federal cybersecurity standards & guidelines.
  • Analyze an organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
  • Support authorized penetration testing on enterprise network assets.
  • Prepare reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
  • Perform vulnerability analysis; measure the effectiveness of controls against known vulnerabilities.
  • Work with stakeholders (system administrators and owners) to manage risks/vulnerabilities.
  • Perform technical (evaluation of technologies) and non-technical (evaluation of people and operations) impact/risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, supporting infrastructure, and applications).
  • Identify systemic security issues based on the analysis of vulnerability and configuration data.
  • Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes).
  • Ensure remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.; provide clear updates to management on vulnerabilities; investigate, document, and report on the status and emerging trends.
  • Maintain up-to-date vulnerability profiles, including respective detection and countermeasures.
  • Participate in industry task forces and working groups where appropriate to stay up to date on current and emerging vulnerabilities.

Job Requirements

  • Minimum 8 years’ experience in Information Security is required along with a minimum of 4 years of hands-on experience in at least 4 of the following:
  • Application of risk management frameworks and processes
  • Use of vulnerability management tools (AppScan, Tenable, Invicti, ForeScout and DbProtect preferred)
  • Creating/improving risk management policies, procedures, and operations
  • Participating in cross-functional efforts for managing organization-wide risks
  • Conducting penetration tests using Kali and/or CoreImpact
  • Collecting, organizing, analyzing and reporting updates, alerts, advisories, and bulletins
  • Use of industry standards and widely accepted analysis principles and methods

Must know

  • Risk management processes (e.g., methods for assessing and mitigating risk).
  • Cybersecurity principles, security models, organizational requirements (w.r.t. confidentiality, integrity, availability, authentication, non-repudiation), cyber threats, risks and vulnerabilities, cryptography and cryptographic key management concepts, host/network access control mechanisms (e.g., ACLs), network access, identity, & access management (e.g., PKIs), computer networking concepts and protocols, and network security methodologies.
  • Ethical hacking principles, general attack stages; specific operational impacts of cybersecurity lapses; programming language structures and logic.
  • Basic system administration, network, and operating system hardening techniques.


Must be

  • Able to communicate, verbally and in writing, complex technical issues with simplicity & clarity
  • Strong interpersonal skills, excellent attention to detail and analytical skills
  • Able to exercise discretion and maintain confidentiality
  • Proficient in reporting and answering analytical questions using vulnerability data


Education/Certifications

  • Applicants selected will be subject to a Public Trust background security investigation and may need to meet eligibility requirements for access to sensitive information.
  • A BA or BS degree in MIS, CS, or related cybersecurity discipline (Master's preferred)
  • Industry standards such as CEH, CRISC, GRCP or related GIAC (preferred but not required)