Job Title: Security Assessment Lead
Posted by: K2 Group, Inc. on Aug 27, 2020
Location:
Washington , DC 20032Job Description:
**This is currently a contingent opportunity.**
The Security Assessment Lead will identify and utilize industry leading technologies, or proven technologies, to develop and implement capabilities for vulnerability assessments of the FAA critical infrastructure.
Performance shall include:
Design, develop, test, and evaluate information systems throughout the systems development life cycle.
Analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.
Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development.
Conduct comprehensive vulnerability assessments on the following aspects of FAA systems and infrastructure:
Network systems, services and devices
Applications (including patches)
Cloud Based Service
Operating Systems (including patches)
Web-Facing applications, devices and elements
Databases
Other assets as determined by FAA Order, Policy, Guidance, or FAA direction.
Collaborate with the FAA to identify technologies, areas for development of new technologies, and analyze risks associated with each in order to mitigate vulnerabilities found in each assessment.
Perform software testing to confirm whether a change has had an adverse effect on a recent program or code change
Ensure that the old code still works once the latest code change has been completed. Regression testing must include the prioritization of the test cases to minimize the business impact, critical and frequently used functionalities to limit the requirement for a retest of all existing test.
Regression Testing must include but is not limited to the following:
Test Cases which have frequent defects.
Functionalities which are more visible to the users.
Test Cases which verify core features of the product.
Test Cases of functionalities which has undergone more and recent changes.
All integration Test Cases.
All Complex Test Cases.
Boundary value Test Cases.
A sample of successful Test Cases.
A sample of failure Test Case.
Conduct a systematic assessment of Mission Essential Functions (MEFs) susceptibility to process failures and the vulnerability of automatic cyber processes and inter-process communication to accidents and attacks.
Assess, analyze, and report on the results of the vulnerability assessment in accordance with FAA policy, guidance, established process, procedures, or direction of the COR. For each assessment, the Contractor must:
Plan for the assessment
Perform the assessment
Document the System Security Assessment Report (SAR) assessment (CDRL 010) and recommend mitigation strategies. This includes
Identifying vulnerabilities
Describing the risk to FAA
Recommending the implementation of existing technologies and methods (i.e., platforms, applications, frameworks, and capabilities) to incorporate threat avoidance and cyber defense
Recommending the development of new technologies and methods (i.e., platforms, applications, frameworks, and capabilities) to incorporate threat avoidance and cyber defense
Performing an Analysis of Alternatives on the recommended mitigations strategies documenting the costs, benefits and risk of each recommended.
Degree:
Bachelor’s Degree in Cyber Security, Computer Science, Information Technology, Engineering, Mathematics, or Physics.
Level I: Minimum of 15 Years of relevant experience in lieu of a Bachelor’s Degree, 20+ years of experience
Level II: Minimum of 10 Years of relevant experience in lieu of a Bachelor’s Degree, 15+ years of experience
Level III: Minimum of five Years of relevant experience in lieu of a Bachelor’s Degree, 10+ years of experience
Certifications:
If performing Risk Assessments; minimum of one (1) of the following certifications:
* Certified Information Systems Security Professional (CISSP)
* GIAC Certified Enterprise Defender (GCED)
* CompTIA Advanced Security Practitioner (CASP)
* Certified Information Systems Auditor (CISA)?
Security Clearance:
Current and active SECRET security clearance
The Security Assessment Lead will identify and utilize industry leading technologies, or proven technologies, to develop and implement capabilities for vulnerability assessments of the FAA critical infrastructure.
Performance shall include:
Design, develop, test, and evaluate information systems throughout the systems development life cycle.
Analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.
Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development.
Conduct comprehensive vulnerability assessments on the following aspects of FAA systems and infrastructure:
Network systems, services and devices
Applications (including patches)
Cloud Based Service
Operating Systems (including patches)
Web-Facing applications, devices and elements
Databases
Other assets as determined by FAA Order, Policy, Guidance, or FAA direction.
Collaborate with the FAA to identify technologies, areas for development of new technologies, and analyze risks associated with each in order to mitigate vulnerabilities found in each assessment.
Perform software testing to confirm whether a change has had an adverse effect on a recent program or code change
Ensure that the old code still works once the latest code change has been completed. Regression testing must include the prioritization of the test cases to minimize the business impact, critical and frequently used functionalities to limit the requirement for a retest of all existing test.
Regression Testing must include but is not limited to the following:
Test Cases which have frequent defects.
Functionalities which are more visible to the users.
Test Cases which verify core features of the product.
Test Cases of functionalities which has undergone more and recent changes.
All integration Test Cases.
All Complex Test Cases.
Boundary value Test Cases.
A sample of successful Test Cases.
A sample of failure Test Case.
Conduct a systematic assessment of Mission Essential Functions (MEFs) susceptibility to process failures and the vulnerability of automatic cyber processes and inter-process communication to accidents and attacks.
Assess, analyze, and report on the results of the vulnerability assessment in accordance with FAA policy, guidance, established process, procedures, or direction of the COR. For each assessment, the Contractor must:
Plan for the assessment
Perform the assessment
Document the System Security Assessment Report (SAR) assessment (CDRL 010) and recommend mitigation strategies. This includes
Identifying vulnerabilities
Describing the risk to FAA
Recommending the implementation of existing technologies and methods (i.e., platforms, applications, frameworks, and capabilities) to incorporate threat avoidance and cyber defense
Recommending the development of new technologies and methods (i.e., platforms, applications, frameworks, and capabilities) to incorporate threat avoidance and cyber defense
Performing an Analysis of Alternatives on the recommended mitigations strategies documenting the costs, benefits and risk of each recommended.
Degree:
Bachelor’s Degree in Cyber Security, Computer Science, Information Technology, Engineering, Mathematics, or Physics.
Level I: Minimum of 15 Years of relevant experience in lieu of a Bachelor’s Degree, 20+ years of experience
Level II: Minimum of 10 Years of relevant experience in lieu of a Bachelor’s Degree, 15+ years of experience
Level III: Minimum of five Years of relevant experience in lieu of a Bachelor’s Degree, 10+ years of experience
Certifications:
If performing Risk Assessments; minimum of one (1) of the following certifications:
* Certified Information Systems Security Professional (CISSP)
* GIAC Certified Enterprise Defender (GCED)
* CompTIA Advanced Security Practitioner (CASP)
* Certified Information Systems Auditor (CISA)?
Security Clearance:
Current and active SECRET security clearance
Education Level:
Bachelors degree or higher
Pay Rate:
Commensurate with experience
Security Clearance:
Top secret
Travel Requirements:
None
Sign Up to Apply to this position
(if you already have a CGO account, just press the button below)
About K2 Group, Inc.
The DNA of our firm is rooted in the Counter Terrorism and Intelligence Communities. We understand the threats posed and the requirements needed to defeat them. From information security to infrastructure protection - we offer the analysis, technical and operational support needed to accomplish even the most challenging missions. K2 Group delivers the knowledge and experience demanded to support the full life cycle of security mission requirements - anytime, anywhere.
Please visit this employer's Public Profile to see more jobs offered by K2 Group, Inc.