Information Assurance & Security Specialist

Role: Information Assurance & Security Specialist

Location: Washington DC 20004 (Hybrid)

Visa: USC/GC/GC-EAD/H4-EAD/OPT-EAD

Hire Mode: Contract

Duties

1.As part of the OCFO technology team, the Security Specialist (Infrastructure Group) will be maintaining and monitoring day to day operation of the OCFO IT infrastructure Security.

2.The IT Consultant will help and perform monitoring, maintenance, and security IT infrastructure (physical, virtual and cloud).

3.IT consultant will perform OS, security and application upgrades of servers and network to keep them up to date.

4.IT consultant will develop, implement, maintains, and enforce documented standards and procedures for the design, development, installation, modification, and documentation of assigned systems.

5.IT consultant will plan, coordinate, and monitor project activities for OCFO Infrastructure group and duties as assigned.

6.Onboarding of Logs from various log sources into SIEM (e.g.: Firewalls, Routers, Switches, Applications, etc.)

7.Log analysis of Firewall, AD, Switches, another deployed security products Knowledge of vulnerability assessment tools to identify and mitigate issues.

8.Perform Vulnerability assessment and having hands-on experience with Vulnerability Management tools like Qualys and Nessus

9.Co-ordinate with Patching team and assist them with patching, which should not be limited to software updates.

10. Having strong understanding of different security protocols.

11. Respond to escalation calls from the Help desk, Desktop support, and other teams to debug and resolve security and perform maintenance.

12. Understands security troubleshooting processes and cooperates with another team.

13. Assists Service Desk technicians as needed with Tier I and Tier II troubleshooting and patching of desktop systems, software (MS Office, Java, Adobe), printer issues, and server related issues as needed. Provides trouble-shooting assistance on production and non-production supported systems.

14. May recommend methods and techniques for obtaining solutions.

15. Initiates preventive maintenance for the technical system.

Responsibilities

1.Determines enterprise information assurance and security standards.

2.Develops and implements information assurance/security standards and procedures.

3.Coordinates, develops, and evaluates security programs for an organization. Recommends information assurance/security solutions to support customers' requirements.

4.Identifies, reports, and resolves security violations.

5.Establishes and satisfies information assurance and security requirements based upon the analysis of user, policy, regulatory, and resource demands.

6.Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.

7.Performs analysis, design, and development of security features for system architectures (not mandatory but good to have)

8.Analyzes and defines security requirements for computer systems which may include mainframes, workstations, and personal computers (not mandatory but good to have)

9.Designs, develops, engineers, and implements solutions that meet security requirements (not mandatory but good to have)

10. Provides integration and implementation of the computer system security solution.

11. Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.

12. Performs vulnerability/risk analyses of computer systems and applications during all phases of the system development life cycle.

Qualifications

1. 5-7years of experience developing, maintaining, and recommending enhancements to IS policies/requirements (Required)

2. 5-7years of experience performing vulnerability/risk analyses of computer systems/apps (Required)

3. 5-7years of experience identifying, reporting, and resolving security violations(Required)

4. Patching Servers both Windows and Linux (Required)

5. Patching Desktop Windows 10/11 (Required)

6. Understanding of VMware environment (Desired)

7. Production support (Required)

8. Server and Desktop troubleshooting (Required)

9. Basic understanding of industry standards like NIST, CIS, COBIT, ISO 27001 (Desired)

10. SIEM Logging, Monitoring and Configuration (Desired)

11. Cloud experience (MS Azure) (Desired)

Education

1. Bachelor's Degree in IT or related field or equivalent experience (Required)

2.Security+, CISM, CISA and other certifications (Preferred)