ISP / Data Security Specialist

  • location: Tallahassee, FL
  • type: Contract
  • salary: $50 - $53 per hour

job description

ISP / Data Security Specialist

job summary:
Scope of Work

Required consultant experience provided by Contractor, shall include:

- 6+ years of experience in IT security related responsibilities for networks (min. 2 yrs.), servers (min. 2 yrs.), and workstations (min. 2 yrs.).

- 2+ years of experience in IT security related processes-assessing risk and developing security

strategies to best meet business needs while ensuring confidentiality, integrity, and availability of information.

- 2+ years of demonstrated experience producing information security related documentation

addressing procedures, standards, and guidelines to ensure information security. E.g. Procedure to address the containment, eradication, and restoration of a workstation compromised by a Trojan that was not detected by anti-virus software.

- 2+ years of demonstrated experience in using information security tools such as vulnerability

scanners, sniffers, log monitoring, etc. Preferred tools include Qualsys, Logvault, Wireshark,

Carbon Black, CheckPoint, F5.

- Demonstrated experience in security monitoring that included configuration, analysis, assessment, and response.

- Demonstrated ability and experience in working with third parties to coordinate, monitor, respond to and coordinate cyber security threats, incidents, and mitigations and responses.

- Demonstrated experience in developing security measures. (E.g. Developed a process that

streamlined containment of infected workstations, or developed a process creating greater

accountability and mitigations for security exceptions)

- Demonstrated experience in working independently (taking initiative) while working in a team

environment (cooperating with team members and supporting team members).

- Demonstrated experience in addressing cyber security incidents that resulted in timely eradication of the cause and restoration of business processes.

- Demonstrated ability to communicate effectively - oral and written.

- Demonstrated understanding of basic security principles relating to confidentiality, integrity, and availability, risk assessments, administrative controls, technical controls, disaster recovery, etc.

- Demonstrated experience with Microsoft Word, Excel, and PowerPoint. (Visio a plus).

Preferred Experience:

- Information Security Certification(s) E.g. CISSP, GIAC, CISA, CISM, CCIE Security, CompTIA, etc.

- Experience in IT security related to application development.

- 1+ years of experience in Pen Testing.

- 2+ years of experience in writing and/or developing system security plans.

- 2+ years of experience working with a Managed Security Service Provider.

3.1 Required Duties and Responsibilities of Consultant shall include but are not limited to:

The candidate will provide technical and strategic information security support to the Information Services Program (ISP) contacts as needed. Duties will include assisting with existing managed security services and other information security projects related to the customer's security objectives and programs.

The duties of the candidate will include the following:

- Examine and assess the existing network architecture for FDOR and develop a plan to simplify the network infrastructure and design a layered security for the entire FDOR network.

- Develop a project plan to reduce complexity and increase security for the network and

infrastructure and in implementing the project plan.

- Perform network-wide risk assessments on the entire network infrastructure and

applications.

- Monitor workstations for customer. This will include monitoring, configuring and implementing malware scanning tools, vulnerability scanning tools, penetration testing, application scanning tools, and database scanning tools.

- Participate in Incident response activities, to include at a minimum analysis, containment,

eradication, restoration, and reporting.

- Bring existing workstations up to date with existing endpoint security solutions. Assist in upgrading all workstations to the Window 7/8/10 Operating System (OS) platform and Microsoft Office 2010/2013/2016 applications suite. Anti-malware, patching (OS, Office, and all supported software) must be updated on a majority of systems.

- Perform extensive monitoring of workstation configurations, software and OS patches, Anti-Virus (AV) signatures, and software licenses must be performed on a regular basis to ensure endpoint security.

- Mitigate vulnerabilities, non-compliance, and malware on workstations.

- Monitor Connectivity to MFN (My Florida Network) via Juniper Secure Analytics to analyze incoming and outgoing traffic.

- Monitor all Workstations for malicious software, patching, unauthorized software, and

unsecure configurations.

- Assess servers for hardening and admin access.

- Perform security assessments of new technologies, new applications, workstations, networks, and network devices prior to implementation.

- Perform day-to-day interaction and coordination with the MSSP's Security Operations Center

regarding cyber threats, incidents, monitoring priorities and needs, analysis, and strategies.

- Perform day-to-day interaction and coordination with NWRDC and AST-Southwood Operations Staff regarding cyber threats, incidents, monitoring priorities and needs, analysis, and strategies.

- Assist Application Owners in developing Information Security Plans for each system. This will include current vulnerability scans and risk analysis data. Currently, most customer IT systems lack detailed Security Plans based on FISMA (Federal Information Security Management Act) standards. This hinders incident response measures and puts security into a one size fits all pattern. These plans will provide insight into security gaps and plans for appropriate incident response.

The contractor will address the needs stated above by accomplishing the following:

- Determine and assess risk and potential impact of information systems.

- Draft specific policy and procedures to address risks and develop incident response measures.

Education/Certifications

All Consultants must have earned a bachelor's degree in Computer Science, Management Information Systems (MIS), or other related field or equivalent work experience of one (1) year system's experience for each year of education; or one (1) year of data management experience for each year of education.

 
location: Tallahassee, Florida
job type: Contract
salary: $50 - 53 per hour
work hours: 8am to 5pm
education: No Degree Required
 
responsibilities:
Scope of Work

Required consultant experience provided by Contractor, shall include:

- 6+ years of experience in IT security related responsibilities for networks (min. 2 yrs.), servers (min. 2 yrs.), and workstations (min. 2 yrs.).

- 2+ years of experience in IT security related processes-assessing risk and developing security

strategies to best meet business needs while ensuring confidentiality, integrity, and availability of information.

- 2+ years of demonstrated experience producing information security related documentation

addressing procedures, standards, and guidelines to ensure information security. E.g. Procedure to address the containment, eradication, and restoration of a workstation compromised by a Trojan that was not detected by anti-virus software.

- 2+ years of demonstrated experience in using information security tools such as vulnerability

scanners, sniffers, log monitoring, etc. Preferred tools include Qualsys, Logvault, Wireshark,

Carbon Black, CheckPoint, F5.

- Demonstrated experience in security monitoring that included configuration, analysis, assessment, and response.

- Demonstrated ability and experience in working with third parties to coordinate, monitor, respond to and coordinate cyber security threats, incidents, and mitigations and responses.

- Demonstrated experience in developing security measures. (E.g. Developed a process that

streamlined containment of infected workstations, or developed a process creating greater

accountability and mitigations for security exceptions)

- Demonstrated experience in working independently (taking initiative) while working in a team

environment (cooperating with team members and supporting team members).

- Demonstrated experience in addressing cyber security incidents that resulted in timely eradication of the cause and restoration of business processes.

- Demonstrated ability to communicate effectively - oral and written.

- Demonstrated understanding of basic security principles relating to confidentiality, integrity, and availability, risk assessments, administrative controls, technical controls, disaster recovery, etc.

- Demonstrated experience with Microsoft Word, Excel, and PowerPoint. (Visio a plus).

Preferred Experience:

- Information Security Certification(s) E.g. CISSP, GIAC, CISA, CISM, CCIE Security, CompTIA, etc.

- Experience in IT security related to application development.

- 1+ years of experience in Pen Testing.

- 2+ years of experience in writing and/or developing system security plans.

- 2+ years of experience working with a Managed Security Service Provider.

3.1 Required Duties and Responsibilities of Consultant shall include but are not limited to:

The candidate will provide technical and strategic information security support to the Information Services Program (ISP) contacts as needed. Duties will include assisting with existing managed security services and other information security projects related to the customer's security objectives and programs.

The duties of the candidate will include the following:

- Examine and assess the existing network architecture for FDOR and develop a plan to simplify the network infrastructure and design a layered security for the entire FDOR network.

- Develop a project plan to reduce complexity and increase security for the network and

infrastructure and in implementing the project plan.

- Perform network-wide risk assessments on the entire network infrastructure and

applications.

- Monitor workstations for customer. This will include monitoring, configuring and implementing malware scanning tools, vulnerability scanning tools, penetration testing, application scanning tools, and database scanning tools.

- Participate in Incident response activities, to include at a minimum analysis, containment,

eradication, restoration, and reporting.

- Bring existing workstations up to date with existing endpoint security solutions. Assist in upgrading all workstations to the Window 7/8/10 Operating System (OS) platform and Microsoft Office 2010/2013/2016 applications suite. Anti-malware, patching (OS, Office, and all supported software) must be updated on a majority of systems.

- Perform extensive monitoring of workstation configurations, software and OS patches, Anti-Virus (AV) signatures, and software licenses must be performed on a regular basis to ensure endpoint security.

- Mitigate vulnerabilities, non-compliance, and malware on workstations.

- Monitor Connectivity to MFN (My Florida Network) via Juniper Secure Analytics to analyze incoming and outgoing traffic.

- Monitor all Workstations for malicious software, patching, unauthorized software, and

unsecure configurations.

- Assess servers for hardening and admin access.

- Perform security assessments of new technologies, new applications, workstations, networks, and network devices prior to implementation.

- Perform day-to-day interaction and coordination with the MSSP's Security Operations Center

regarding cyber threats, incidents, monitoring priorities and needs, analysis, and strategies.

- Perform day-to-day interaction and coordination with NWRDC and AST-Southwood Operations Staff regarding cyber threats, incidents, monitoring priorities and needs, analysis, and strategies.

- Assist Application Owners in developing Information Security Plans for each system. This will include current vulnerability scans and risk analysis data. Currently, most customer IT systems lack detailed Security Plans based on FISMA (Federal Information Security Management Act) standards. This hinders incident response measures and puts security into a one size fits all pattern. These plans will provide insight into security gaps and plans for appropriate incident response.

The contractor will address the needs stated above by accomplishing the following:

- Determine and assess risk and potential impact of information systems.

- Draft specific policy and procedures to address risks and develop incident response measures.

Education/Certifications

All Consultants must have earned a bachelor's degree in Computer Science, Management Information Systems (MIS), or other related field or equivalent work experience of one (1) year system's experience for each year of education; or one (1) year of data management experience for each year of education.

 
qualifications:
  • Experience level: Experienced
  • Minimum 6 years of experience
  • Education: No Degree Required
 
skills:
  • SECURITY ENGINEER (6 years of experience is preferred)
  • Workstations (2 years of experience is preferred)
  • Wireshark
  • Carbon Black
  • Data Center
  • SECURITY ANALYST
  • Data Analysis
  • SECURITY
  • FIREWALL ENGINEER
  • Network Security
  • Data Analysis
  • CHECKPOINT
  • Cyber Security
  • Pen Testing

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

get jobs in your inbox.

sign up
{{returnMsg}}

related jobs



    Groovy/ Python Engineer

  • location: Tallahassee, FL (remote)
  • job type: Contract
  • salary: $1 - $99 per hour
  • date posted: 3/3/2021