Information Security Systems Officer - CSA – Careers Fairfax, VA

Listing Description

CSA is currently seeking a self-motivated Information Security Systems Officer to join our internal IT team to support company IT operations. This position is located remotely in the Washington DC metro area but may require occasional travel to office locations in Pennsylvania, Virginia (Hampton Roads), New Jersey, and California. The successful candidate should be technical, customer service oriented, and enthusiastic with respect to the nature of work. This position will operate as part of a greater IT team supporting operations to our employee base.

Responsibilities
  • Design the protection and security controls at an organizational level for CSA’s data, networks, systems, and sites.
  • Establish, implement, and manage security policies, procedures, and practices in support of compliance objectives and CSA’s mission and goals. 
  • Create and maintain documentation in support of the Information Security Management System (ISMS).
  • Take corrective action to resolve problems identified to ensure CSA business critical systems are operated and maintained in accordance with established policies, procedures and industry best practice.
  • Manage and update configuration items (CI) such as information system or enterprise software, hardware and firmware by making changes considering the impact and risk.
  • Prepare and review documentation including but not limited to information security policies, procedural documents, System Site Security Plans (SSPs), Risk Assessment plans and security incident reports.
  • Review, document and escalate incidents (including the event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment.
  • Continually assess and perform security reviews to identify gaps or areas of improvement to validate controls or further solidify CSA’s security posture.
  • Ensure a plan of actions and milestones (POAM) or remediation plans are in place for vulnerabilities identified.
  • Develop, initiate, and schedule necessary security activities to comply with CMMC, NIST 800-171, ISO 27002.
  • Identify, assess, and advise on cybersecurity control compliance and associated insider/user alerts and risks. Escalate alerts and risks for further review and communicate any trends, findings or concerns as needed.
  • Conduct Business Impact Analysis on risks discovered by vulnerability, compliance scans, or other audit activity and make determinations and recommendations on severity and priority.
  • Provide support for administrative requirements to include formal and informal security documentation.
  • Design, implement, and support security testing and analysis of Information Systems to evaluate the efficacy of security policies utilizing IT applications and resources in place or providing rationale and recommendations for any new resources.
  • Implement/Install security measures and software to protect systems and information infrastructure including firewalls and data encryption programs.
  • Maintain a broad knowledge of current and emerging security threats and how to prepare for the mitigation of such threats where applicable in CSA’s infrastructure.
  • Administer the connection between systems/data sources to ensure logs are collected from systems and devices across the organization into the existing SIEM for analysis and review, to guarantee measurable and actionable outcomes that contribute to the overall security and performance of the ISMS.
  • Initiate, review and facilitate configuration changes as part of the organization's Change and Release process.
  • Assist with the delivery of various quarterly reports such as audit results and account and endpoint status and compliance. 
  • Promote and take part in the organization wide effort to maintain compliance with NIST, CMMC and ISO methodologies.
  • Examine reports on phishing simulations, and follow up with communication and reporting to Leadership and other functional areas to promote and encourage Security Awareness within the organization.
  • Where appropriate, offer expertise in fine tuning systems alerts to reduce administrative burden and increase efficiencies/prioritization.
  • Schedule and execute tabletop incident response exercises, conducting investigations into security incidents following defined Incident Response procedures.
  • Work collaboratively with the IT Team, partners, and external suppliers to ensure the organization's security systems are up to date and documented, and to implement plans and execute assigned security-related tasks.

Required Qualifications
  • 10+ years of experience with Network Administration and configuring network equipment both on-prem and cloud-based 
  • 5+ years administrative level experience in areas of Microsoft 365 including but not limited to: Azure AAD/ATP, Security, Compliance, Endpoint Manager, MS Defender.
  • 2+ years in IT security, demonstrating a strong understanding of security fundamentals. 
  • Fundamental awareness of Common Vulnerabilities and Exposures (CVE)
  • Competent in information security within systems, devices and corresponding frameworks that pertain to safeguarding classified and proprietary information, information security posture and controls (i.e. CMMC, NIST 800-171, ISO 27002)
  • Bachelor's Degree 
  • 5+ years of experience with Network Administration and configuring network equipment both on-prem and cloud-based 
  • 2+ years in IT security, demonstrating a strong understanding of security fundamentals. 
  • 2+ years of experience with the Microsoft 365 cloud suite including Office, Teams/Skype for Business, SharePoint, and OneDrive. 

Preferred Qualifications
  • Evidence of being detail oriented with strong critical thinking in areas of IT process analysis/ process improvement.
  • Experience with SOP, Policy, and Procedure writing.
  • Experience with NIST System Security Plans and POAMs
  • Foundational knowledge in Data Loss Protection and Privileged Access Management.
  • IT Project Management experience supporting an SMS or ISMS.
  • Security Operations experience with operating systems, or cloud infrastructures and 
  • Experience creating and fine-tuning SIEM content such as correlation rules, reports, dashboards, filters, channels, and integrating threat intelligence to improve accuracy and visibility to potential threats and alerts.
  • Experience creating and delivering Security Awareness Training at an organizational level.
  • Ability to obtain a security clearance, if required. 
  • US Citizen 

Certificate
  • One or more of the following certifications: 
  • Security CE GIAC Security Essentials Certification (GSEC)  
  • Security Certified Network Professional (SCNP)  
  • System Security Certified Practitioner (SSCP) 
  • CompTIA Security+
  • Microsoft Certified: Azure Security Engineer Associate
  • MCITP (Enterprise Administrator) 
  • Microsoft Certified IT Professional (MCITP) 
  • Microsoft Certified Systems Administrator (MCSA) 
  • Microsoft Certified Systems Engineer (MCSE) 
  • Experience with internal or external security audits

Physical Demands
  • Work Environment and Physical Requirements 
  • Travel demands may include local and long-distance travel to and from the client site as required by the client. 
  • Prolonged periods of sitting at a desk and working on a computer may be required. 
  • May be required to lift up to 50 pounds at times.  
    REASONABLE ACCOMMODATIONS STATEMENT
    To perform this job successfully, an individual must perform the essential job duties satisfactorily with or without reasonable accommodation and without posing a direct threat to the safety or health of the employee or others. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions of the position.
     
    PHYSICAL DEMANDS
    General office environment. Work is generally sedentary in nature but may require standing and walking for up to 10% of the time. Lighting and temperature are adequate, and there is minimal exposure to hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment.
     
    AFFIRMATIVE ACTION (AAP/EEO STATEMENT)
    CSA is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, sexual orientation, disability, national origin, or any other protected characteristic outlined by the Equal Employment Opportunity Commission (EEOC).
     
    DISCLAIMER
    The Company has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the Company reserves the right to change this job description and/or assign tasks for the employee to perform, as the Company may deem appropriate.
     
    PAY RANGE:
    Pay Range $115,000-145,000
    CSA’s pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, or other law.

    This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice.

    Applicants may need to meet eligibility requirements for access to classified information; an active United States Department of Defense security clearance or the ability to obtain one may be required for this role.

    As a federal contractor, CSA is subject to any federal vaccine mandates or other customer vaccination requirements. All new hires are required to report their vaccination status. 

    WE BELIEVE great companies know who they are and what they stand for. CSA’s common purpose and core values were purposefully developed to create a culture focused on unlocking the full potential of our people—so they are inspired to solve our clients’ toughest challenges. It’s no secret, we owe the past 18 years of our success to our outstanding and ambitious team members. To support our hard-working team, we offer an environment focused on learning and growth, an awesome benefits package, and opportunities to build a long and successful career.
     
    We are constantly on the hunt for talented, forward-thinking problem solvers with an energetic attitude and a strong work ethic to join our elite team of CSAers.   
      

    Be a part of CSA… do great things!

    CSA is a Federal Contractor and an Equal Opportunity/Affirmative Action Employer.

    If you are an individual with a disability and would like to request a reasonable workplace accommodation for any part of our employment process, please send an email to hr@csaassociates.com. Please indicate the specifics of the assistance needed. Assistance is reserved for individuals who are requesting a reasonable workplace accommodation. It is not intended for other purposes or inquiries. We’re an equal opportunity employer that empowers our people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status or other protected characteristic.

    If you are a California resident applying for a job, you consent to our California Job Applicant Privacy Notice.

    Notification for current or previously cleared professionals:

    Official U.S. Government information appearing in the public domain shall not automatically be considered UNCLASSIFIED or approved for public release. CSA recognizes that information contained in resumes of current or previously cleared professionals may be sensitive, contain potentially proprietary and/or protected information. Protected Information is considered classified, in the process of a classification determination, or unclassified, but protected by statute. Therefore, all resumes should be approved for public release by a U.S. Government Official with Original Classification Authority, prior to posting the resume to CSA’s applicant tracking system.
    By submitting my resume, I understand that I am NOT authorized to upload content with Official U.S. Government information that is considered sensitive, proprietary, or protected.

