Today
Secret
Mid Level Career (5+ yrs experience)
$100,000 - $125,000
IT - Security
Atlanta, GA (On-Site/Office)
Key Responsibilities
• Assists with difficult cybersecurity questions and requests from the customers.
• Direct sponsor engagement as required to review current and planned requirements for secure infrastructures that require compliance.
• Guide requirements gathering and analysis.
• Leads validation of security control configuration on systems, ensure all systems are configured to to necessary controls, such as NIST, DFARS 252.204-7012, CMMC, and other similar requirements.
• Articulates privacy requirements into product life-cycle including definition, requirements analysis, synthesis, cyber engineering analysis and implementation.
• Conducts privacy impact analyses and identify areas needing improvement and recommend necessary enhancements to achieve privacy goals.
• Reviews modifications to critical information systems and directs implementation of configuration changes.
• Mentors lower-level cybersecurity and IT professionals across the enterprise.
Additional Responsibilities
• Develop and implement incident response plans and procedures, ensuring a swift and effective response to security incidents or breaches.
• Coordinate incident investigations, containment, and recovery efforts as needed.
• In-depth knowledge of incident response protocols and remediation techniques.
• Plan and conduct incident response exercises to include table tops, simulations, and actual disruptions.
• Incident investigation and response experience, including the ability to work with IR stakeholders to gather required information for reporting.
• Submit all required IR reports to governing bodies within parameters set by law, regulation, contract, or policy.
• Consult with various partners, publications, websites, news sources, and cyber forums to provide daily updates on threats relative to our environments.
• Communicating threats to stakeholders outside of the cybersecurity department regarding threats and risks.
• Observe and document events as they unfold during exercises and incidents to facilitate lessons learned sessions.
• Deep knowledge of the current threat landscape, including knowledge of malware operation and indicators.
Required Minimum Qualifications
• Practical knowledge of security applications and technologies, as well as operating system platforms including Windows, Mac, Linux, and Networking technologies.
• Knowledge of application and infrastructure vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys, Fortify, etc.) in complex or large organizations.
• Technical background to understand the characteristics and exploitation vectors for vulnerabilities being reported.
• Strong knowledge of Splunk, Tenable Nessus, API’s, Excel and Power BI Platform for data analytics.
• Experience with advanced Excel data manipulation and analysis including pivot tables, light macros, intermediate formulas.
• Previous experience in analyzing data to present relevant metrics to remediation stakeholders and leadership.
• Sound knowledge of common infrastructure vulnerability categorizations such as CVE, CVSS, and/or CWE.
• Deep understanding of cybersecurity best practices and frameworks such as NIST 800-53/171, CMMC, RMF, MITRE, ATT&CK Framework, and OWASP top 10.
• Incident management expertise with ability to translate technical risks for business leaders.
• Excellent written and verbal communication skills.
• One or more basic cybersecurity certifications such as: Security+, CEH, CND, CySA+, CCNA-Security or equivalent.
Preferred Qualifications
• Active Secret Clearance.
• Master’s degree.
• 5 years of experience in incident response.
• 9 years of experience in vulnerability management.
• Experience leading or managing an Incident Response Program.
• One or more advanced cybersecurity certifications such as: CISSP, CISM, CRISC, CISA, CASP, GEVA, CCNP-Security or equivalent.
• Assists with difficult cybersecurity questions and requests from the customers.
• Direct sponsor engagement as required to review current and planned requirements for secure infrastructures that require compliance.
• Guide requirements gathering and analysis.
• Leads validation of security control configuration on systems, ensure all systems are configured to to necessary controls, such as NIST, DFARS 252.204-7012, CMMC, and other similar requirements.
• Articulates privacy requirements into product life-cycle including definition, requirements analysis, synthesis, cyber engineering analysis and implementation.
• Conducts privacy impact analyses and identify areas needing improvement and recommend necessary enhancements to achieve privacy goals.
• Reviews modifications to critical information systems and directs implementation of configuration changes.
• Mentors lower-level cybersecurity and IT professionals across the enterprise.
Additional Responsibilities
• Develop and implement incident response plans and procedures, ensuring a swift and effective response to security incidents or breaches.
• Coordinate incident investigations, containment, and recovery efforts as needed.
• In-depth knowledge of incident response protocols and remediation techniques.
• Plan and conduct incident response exercises to include table tops, simulations, and actual disruptions.
• Incident investigation and response experience, including the ability to work with IR stakeholders to gather required information for reporting.
• Submit all required IR reports to governing bodies within parameters set by law, regulation, contract, or policy.
• Consult with various partners, publications, websites, news sources, and cyber forums to provide daily updates on threats relative to our environments.
• Communicating threats to stakeholders outside of the cybersecurity department regarding threats and risks.
• Observe and document events as they unfold during exercises and incidents to facilitate lessons learned sessions.
• Deep knowledge of the current threat landscape, including knowledge of malware operation and indicators.
Required Minimum Qualifications
• Practical knowledge of security applications and technologies, as well as operating system platforms including Windows, Mac, Linux, and Networking technologies.
• Knowledge of application and infrastructure vulnerability scanning tools (e.g., Rapid7, Nessus, Qualys, Fortify, etc.) in complex or large organizations.
• Technical background to understand the characteristics and exploitation vectors for vulnerabilities being reported.
• Strong knowledge of Splunk, Tenable Nessus, API’s, Excel and Power BI Platform for data analytics.
• Experience with advanced Excel data manipulation and analysis including pivot tables, light macros, intermediate formulas.
• Previous experience in analyzing data to present relevant metrics to remediation stakeholders and leadership.
• Sound knowledge of common infrastructure vulnerability categorizations such as CVE, CVSS, and/or CWE.
• Deep understanding of cybersecurity best practices and frameworks such as NIST 800-53/171, CMMC, RMF, MITRE, ATT&CK Framework, and OWASP top 10.
• Incident management expertise with ability to translate technical risks for business leaders.
• Excellent written and verbal communication skills.
• One or more basic cybersecurity certifications such as: Security+, CEH, CND, CySA+, CCNA-Security or equivalent.
Preferred Qualifications
• Active Secret Clearance.
• Master’s degree.
• 5 years of experience in incident response.
• 9 years of experience in vulnerability management.
• Experience leading or managing an Incident Response Program.
• One or more advanced cybersecurity certifications such as: CISSP, CISM, CRISC, CISA, CASP, GEVA, CCNP-Security or equivalent.
group id: 10105424
Accelerating IT transformation in the public sector
