Creates cyber-intelligence tools / methods and performs research and analysis in order to mitigate and eliminate high level data and cyber security risks. Designs, tests and implements state-of-the-art secure operating systems, networks, and database products. Conducts risk assessment and provides recommendations for application design.

• Develops, maintains, and reviews system documentation to implement required security controls, including but not limited to: System Security Plan, Security Categorization, Risk Assessments, Privacy Impact Assessment, Contingency Plans, and Standard Operating Procedures.
• Tracks, reports and provides recommendations on Plan of Action & Milestones (POA&M).
• Identifies unique system characteristics, interviews key organizational personnel, composes requisite documentation.
• Coordinates with system administrators and security engineers on actions to satisfy security control requirements.
• Participates in change control boards and assessments.
• Serves as project manager for assigned systems from a continuous monitoring perspective.
• Analyzes vulnerability scans and audit logs.
• Identifies risks from inherited cloud service providers and coordinates compensating measures to reduce overall risk to the environment.
• Provide timely and detailed responses to all data calls and FISMA audits
• Continuously maintain a thorough understanding of all configurations , architecture, installed software, accounts (both Operating System and Application), data flows, ports, protocols and other relevant data for each IT system.

Minimum Qualifications

• Bachelor's Degree in Computer Science or a related field or equivalent experience; Advanced Degree preferred.
• 8-15 years of experience in systems security.

Other Job Specific Skills

• Requires strong understanding of standards and requirements outlined by FISMA, NIST, OMB and others.
• Exercises considerable latitude in determining technical objectives of assignments.
• Excellent attention to detail.
• Must be able to balance multiple tasks simultaneously.
• Advanced knowledge of encryption, vulnerability assessment, penetration testing, cyber forensics, intrusion detection, and incident response and remediation.
• May interface with external entities including law enforcement, and intelligence/government agencies.
• Exercises considerable latitude in determining technical objectives of assignment.

EEO Requirements

It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.

All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.

Physical Requirements

The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.

Disclaimer

The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.