| Cyber Security Engineer Merrifield VA at Merrifield, Virginia, USA |
| Email: [email protected] |
| From: Sushmita Soni, Sonitalent [email protected] Reply to: [email protected] Hope you are doing well , We are looking for Cyber Security Engineer, please let me know if you are looking for this role and send me your updated resume also Job Description Job Title Cyber Security Engineer Job Location Merrifield, VA, 22119 hybrid locals only Need Local Duration 6 Months+ Mode Of Interview - Phone/Skype Note - Need LinkedIn Job Description Peraton USPS CSS CISO Location is hybrid in Merrifield, VA local Candidates only Duration is one year Must be able to obtain a Position of Public Trust Clearance Candidate must have lived in the United States for the past 5 years consecutively. Cannot have more than 6 months travel outside the United States within the last five years. Military Service excluded. CERTIFICATIONS: ( One or more required ) CISSP, CISM, SABSA, GIAC Need candidates by COB 09/11/23 Required for consideration: Resumes must be no longer than 4 pages to be considered Cities/States must be listed for each role Graduation years are required Gaps in employment must be explained Cyber Security Engineer III - Mail Processing Equipment and Material Handling Equipment (MPE/MPH) The resource shall provide the expertise to build upon existing USPS capabilities to support software and system security tasks as follows: 1. MPE/MHE System and Software Security 2. Security Assessments and Patch Management 3. Network Traffic Management Qualified candidates will augment the ES Security Team to evaluate, analyze, plan, test, and provide support for the objectives described in this Section. 1. MPE/MHE System and Software Security There are approximately 250 MPE/MHE systems that ES supports. Changes to existing systems range from software maintenance releases to large-scale mechanical and software updates (Tech Refresh programs). Also included are newly acquired MPE/MHE systems. USPS cyber security standards are developed and modified by Chief Information Security Office (CISO) and ES and are the requirements to which the MPE/MHE systems must follow. This objective describes the work that will be performed with USPS ES management, system owners, and software teams to achieve cyber security design and verification goals for maintenance releases, tech refreshes, and new system acquisitions: 1. Support MPE/MHE system owners and development teams in cyber security architecture reviews including initial designs, documentation, and testing. To help in this effort, the Team shall: a. Create a golden standard for each platform; b. Develop and maintain reference systems; c. Maintain centralized libraries for scripts, fixlets, and software to implement patches and security features, leveraging the BigFix software suite; d. Develop documentation standards, test cases, requirements; 2. Implement a Secure Coding process within the ES MPE/MHE DevSecOps software development process; 3. Perform MPE/MHE vulnerability scans; 4. Work with MPE/MHE teams on identifying timelines for remediating vulnerabilities, upgrading legacy operating systems (OS) and database applications, and implementing system changes according to new security standards on Production systems; 5. Coordination of cyber security tasks with program office and engineering managers on new MPE/MHE systems, including architecture and technology assessments, and validating implementation of security requirements through test phases and security reviews. Deliverables/Expectations Deliverable: Technical reports, assessments, presentations, schedules, and other written artifacts that deliver results of cyber security analysis and recommendations based on CISO and ES standards Expectation: Attend MPE/MHE team meetings and develop documentation in support of legacy and new MPE/MHE Deliverable: Support to MPE/MHE teams to design and verify cyber security requirements on Production systems Expectation: Approximately 70 releases/year Deliverable: Review and provide analysis of security requirements for new MPE/MHE Expectation: Approximately 5 programs/year Deliverable: Update the Software Security Statement of Work, as required and if there are changes in standards or applications to new environments (e.g., Artificial Intelligence, Machine Learning) Expectation: Approximately 2 updates/year 2. Security Assessments and Patch Management The ES Security Team, and selected resources, will: 1. Develop best practices for cyber security and patch updates on legacy MPE/MHE systems and network designs. ES uses the HCL BigFix application to monitor, report, and install patch updates; 2. Maintain ES security patch processes and documentation; ES uses the MicroFocus Solutions Business Manager (SBM) application to manage the patch process and deliverables; 3. Using the ES security applications, BigFix and Forescout, and the Mail Processing Inventory Repository (MPIR) data, provide MPE/MHE patch and vulnerability reports to assist MPE/MHE development teams in planning and implementing software upgrades for required security patches; 4. Analyze and provide recommendations to remediate MPE/MHE vulnerabilities and responses to Enterprise Cyber Risk Management System (ECRMS) risk assessments; 5. Provide recommendations to ES management to improve the patch process and the applications used to assign, verify, and install patch releases. Deliverables/Expectations Deliverable: Vulnerability reports, assessments, develop process and training documents, and other written artifacts that deliver results of analysis and recommendations Expectation: Work with MPE/MHE teams in support of patch updates on MPE/MHE Deliverable: Creation of a MPE/MHE system architecture review process to verify adherence to systems security standards during design phase Expectation: Review/revise the existing software security requirements Deliverable: Assess and provide recommendations as needed to improve the ES patch process and associated reports. Expectation: Learn and use the tools that manage the process; assist in implementing improvements Deliverable: Work with MPE/MHE teams during cyber security assessments and remediation of issues found during the assessments. Expectation: Approximately 40 releases/year 3. Network Traffic Management The ES Network Management Team, and selected resources, will: 1. Update Mail Processing repository and other records accordingly to ensure accurate profiling for network controls; 2. Validate MPE/MHE MPNACS policies and rule changes; 3. Maintain detailed network connectivity requirements for each system; 4. MPE/MHE RFC 1918 administration and changes; 5. Development and installation of jump servers at each site for secure access to MPE/MHE. Deliverables/Expectations Deliverable: Maintaining MPE/MHE configurations in the ES MPIR based on meetings with teams and other written artifacts that deliver results of analysis and recommendations Expectation: Update the network data in MPIR using MPNACS data and from system owners Deliverable: Create and maintain MPNACS policies and rules for all MPE/MHE systems. Expectation: Update Access Control list as required Deliverable: Define requirements for and coordinate installation of servers to support remote access to MPE/MHE Expectation: Develop requirements based on current usage and Stakeholder needs EXPERIENCE LEVEL: 5-7+ years of solid, diverse experience in cyber security vulnerability assessments, or equivalent combination of education and work experience 5-7+ years of ethical hacking experience including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews 5-7+ years Comprehensive understanding of change management techniques associated with new technology implementation. 5-7+ years demonstrating leadership ability EDUCATION: Bachelors degree in a technical specialty such as cyber security, computer science, management information systems or related IT field (Master's Degree Preferred) CERTIFICATIONS: ( One or more required ) CISSP, CISM, SABSA, GIAC Thanks & Regards Sushmita Soni Sr. Technical Recruiter| SoniTalent Corp. Desk | 859-659-1004 EXT 201 [email protected] Address - 5404 Merribrook Lane, Prospect, KY, USA Keywords: information technology Kentucky Virginia |
| [email protected] View all |
| Fri Sep 08 03:46:00 UTC 2023 |