Job Description

Ref No.:18-15806
Location: Baltimore, Maryland
Systems Security Specialist Senior
Work Location: 750 East Pratt Street, 6th Floor, Baltimore, MD 21202


Duration: (Anticipated from December 3, 2018 through June 30, 2021). MHBE will have the unilateral option to renew the term of the Task Order Agreement for two additional one-year terms: July 1, 2021 through and including June 30, 2022; and July 1, 2022 through and including June 30, 2023 (option periods delineated in RFRs may vary).
Job Description
Labor Category/s
(From Section 1 Above)
Duties / Responsibilities
Systems Security Specialist (Senior)
Conduct Static and Dynamic Application code and security vulnerability testing.
Conduct Penetration testing on Enterprise applications and recommend remediation using available tools and technologies.
Educate and support application developers and administrators in fixing security vulnerability issues in all tiers of applications including network, database and web/application servers.
Incident Response and Forensics evaluation using security information and event management (SIEM) tools
Work with Systems and Network Administrators to evaluate and enforce security controls and hardening rules as determined by industry standards for state and federal security compliance requirements.
Integrate applications with SIEM tools and log aggregation / analysis tools such as Splunk.
Ensure that the MHBE system security requirements are addressed during all phases of the system development life cycle.
Conduct daily/weekly security audit log reviews and report any suspicious activities.
Conduct security impact analysis of controls on proposed system changes.
Conduct ongoing security reviews and tests of the MHBE systems to periodically verify that security and operating controls are functional and effective.
Review and update systems security documentation and artifacts such as SSP, ISRA, PIA, SSR, CAP and POA&Ms.
Create and track POA&M requirements for resolving security findings.
Adhere to all security, change control and MHBE Project Management Office (PMO) policies, processes and methodologies.
Note: The candidate must have the flexibility to work overtime, as needed, to include weekends, holidays, and off-hours.
Job Description
Labor Category/s
(From Section 1 Above)
Minimum Qualifications
Systems Security Specialist (Senior)
A minimum of eight (8) years of experience in analysis and definition of system security requirements.
A minimum of five (5) years of experience in performing static analysis of applications using different tools and technologies such as Fortify, AppScan, Veracode, SonarQube.
A minimum of five (5) years of experience in performing dynamic / customized security analysis of web applications using various tools and technologies to perform penetration testing and identify vulnerabilities/security issues and suggesting remedial measures.
A minimum of three (3) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.
A minimum of two (2) years of experience working with Web Application Firewall (WAF), Content Delivery Network (CDN) tools such as Akamai, Incapsula, AWS WAF, Cloudflare.
Active CISM, CISSP, CISA, or other Security Certifications
Experience in performing Security Incident Response and Forensics evaluation with SIEM Tools.
Preferred Qualifications
The additional Experience/Knowledge/Skills listed below are preferred by the MHBE.
Systems Security Specialist (Senior)
A minimum of five (5) years of specialized experience in defining computer security requirements for high-level applications, evaluation of approved security product capabilities, and developing solutions to MLS problems.
Demonstrated understanding of information security concepts and regulatory compliance requirements.
A minimum of seven (7) years of experience with performing security assessment of infrastructure, applications, and static/dynamic code analysis for web applications in Java, JavaScript.
Experience with assessment and evaluation of information systems to recommend changes, mitigate threats, risks, and vulnerabilities. Conduct Incident Response testing to evaluate processes for detection, response, and reporting of security incidents.
Experience in developing DISA STIGS, IRS/CIS Benchmark style hardening checklists to establish system security baseline documentation.
Experience with administering and maintaining all security architecture technology solutions including SIEM, vulnerability management, anti-virus management, database monitoring and encryption, IDS/IPS, Data Loss Prevention, and Web Application Firewall.
A minimum of four (4) years of experience in managing computer systems and utilizing Tenable Security Center to manage security vulnerabilities and compliance configurations.
Experience as a Certified Ethical Hacker.
Experience with network implementation of Cisco Routers & Switches, CISCO ASA & Fortinet Firewall.
A minimum of five (5) years hands-on experience in implementing Minimum Acceptable Risk Standards for Exchange (MARS-E 2.0) based on NIST SP 800-53 rev4 Security and Privacy Controls.
A minimum of five (5) years hands-on experience in NIST SP 800-37 applying Risk Management Framework.
ITIL v3 or equivalent Certification, ISCC certification.
Experience working and developing with PMO processes, policies and procedures.
LABOR CATEGORY TITLE - Systems Security Specialist (Senior)
RequirementCandidate Relevant Experience *
Education:
Bachelor's Degree from an accredited college or university in Engineering, Computer Science, Information Systems, Business or other related Discipline. Master's degree preferred.
Minimum QualificationsCandidate Relevant Experience *
A minimum of eight (8) years of experience in analysis and definition of system security requirements.
A minimum of five (5) years of experience in performing static analysis of applications using different tools and technologies such as Fortify, AppScan, Veracode, SonarQube.
A minimum of five (5) years of experience in performing dynamic / customized security analysis of web applications using various tools and technologies to perform penetration testing and identify vulnerabilities/security issues and suggesting remedial measures.
A minimum of three (3) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.
A minimum of two (2) years of experience working with Web Application Firewall (WAF), Content Delivery Network (CDN) tools such as Akamai, Incapsula, AWS WAF, Cloudflare.
Active CISM, CISSP, CISA, or other Security Certifications
Experience in performing Security Incident Response and Forensics evaluation with SIEM Tools.
Preferred QualificationsCandidate Relevant Experience *
A minimum of five (5) years of specialized experience in defining computer security requirements for high-level applications, evaluation of approved security product capabilities, and developing solutions to MLS problems.
Demonstrated understanding of information security concepts and regulatory compliance requirements.
A minimum of seven (7) years of experience with performing security assessment of infrastructure, applications, and static/dynamic code analysis for web applications in Java, JavaScript.
Experience with assessment and evaluation of information systems to recommend changes, mitigate threats, risks, and vulnerabilities. Conduct Incident Response testing to evaluate processes for detection, response, and reporting of security incidents.
Experience in developing DISA STIGS, IRS/CIS Benchmark style hardening checklists to establish system security baseline documentation.
Experience with administering and maintaining all security architecture technology solutions including SIEM, vulnerability management, anti-virus management, database monitoring and encryption, IDS/IPS, Data Loss Prevention, and Web Application Firewall.
A minimum of four (4) years of experience in managing computer systems and utilizing Tenable Security Center to manage security vulnerabilities and compliance configurations.
Experience as a Certified Ethical Hacker.
Experience with network implementation of Cisco Routers & Switches, CISCO ASA & Fortinet Firewall.
A minimum of five (5) years hands-on experience in implementing Minimum Acceptable Risk Standards for Exchange (MARS-E 2.0) based on NIST SP 800-53 rev4 Security and Privacy Controls.
A minimum of five (5) years hands-on experience in NIST SP 800-37 applying Risk Management Framework.
ITIL v3 or equivalent Certification, ISCC certification.
Experience working and developing with PMO processes, policies and procedures.


LABOR CATEGORY TITLE - Systems Security Specialist (Senior)
RequirementCandidate Relevant Experience *
Education:
Bachelor's Degree from an accredited college or university in Engineering, Computer Science, Information Systems, Business or other related Discipline. Master's degree preferred.
Minimum QualificationsCandidate Relevant Experience *
A minimum of eight (8) years of experience in analysis and definition of system security requirements.
A minimum of five (5) years of experience in performing static analysis of applications using different tools and technologies such as Fortify, AppScan, Veracode, SonarQube.
A minimum of five (5) years of experience in performing dynamic / customized security analysis of web applications using various tools and technologies to perform penetration testing and identify vulnerabilities/security issues and suggesting remedial measures.
A minimum of three (3) years of experience in defining computer security requirements for high-level applications and evaluating approved security product capabilities.
A minimum of two (2) years of experience working with Web Application Firewall (WAF), Content Delivery Network (CDN) tools such as Akamai, Incapsula, AWS WAF, Cloudflare.
Active CISM, CISSP, CISA, or other Security Certifications
Experience in performing Security Incident Response and Forensics evaluation with SIEM Tools.
Preferred QualificationsCandidate Relevant Experience *
A minimum of five (5) years of specialized experience in defining computer security requirements for high-level applications, evaluation of approved security product capabilities, and developing solutions to MLS problems.
Demonstrated understanding of information security concepts and regulatory compliance requirements.
A minimum of seven (7) years of experience with performing security assessment of infrastructure, applications, and static/dynamic code analysis for web applications in Java, JavaScript.
Experience with assessment and evaluation of information systems to recommend changes, mitigate threats, risks, and vulnerabilities. Conduct Incident Response testing to evaluate processes for detection, response, and reporting of security incidents.
Experience in developing DISA STIGS, IRS/CIS Benchmark style hardening checklists to establish system security baseline documentation.
Experience with administering and maintaining all security architecture technology solutions including SIEM, vulnerability management, anti-virus management, database monitoring and encryption, IDS/IPS, Data Loss Prevention, and Web Application Firewall.
A minimum of four (4) years of experience in managing computer systems and utilizing Tenable Security Center to manage security vulnerabilities and compliance configurations.
Experience as a Certified Ethical Hacker.
Experience with network implementation of Cisco Routers & Switches, CISCO ASA & Fortinet Firewall.
A minimum of five (5) years hands-on experience in implementing Minimum Acceptable Risk Standards for Exchange (MARS-E 2.0) based on NIST SP 800-53 rev4 Security and Privacy Controls.
A minimum of five (5) years hands-on experience in NIST SP 800-37 applying Risk Management Framework.
ITIL v3 or equivalent Certification, ISCC certification.
Experience working and developing with PMO processes, policies and procedures.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online