Cyber Information Security Director (ENFA-ACE000253)
The Cyber Information Security Director (CISD) will be responsible for managing a team of Network Security/Information Assurance, Certification and Accreditation and CNDSP Engineers charged with incident handling, triage of events, network analysis and threat detection, trend analysis, metrics development, vulnerability information dissemination and the DoD CNDSP methodology as a Cyber Security team. The CISD will function as the primary liaison for all enterprise security related functions between the program and the ACE-IT Cyber Security team, will provide the ACE-IT CIRT with situational awareness of all Cyber Security Information across the enterprise network, and also act as primary contact for Enterprise Engineering in coordination of all new projects needing security assessments and evaluations prior to transition to the production network.
The CISD is responsible for providing both the ACE-IT Director and the Cyber Security team with all required security assessments and audit feedback, to include recommendations to meet specific security compliance requirements and detailed reports of information systems security status. The CISD will assist in the development of policy, along with the ACE-IT Cyber Security team, that will aid in securing information systems and protecting data. Additionally, the CISD may be involved in the support and development of security awareness for employees by explaining security risks and demonstrating good safeguards in both daily operations and for specific projects.
Finally, the CISD will manage the teams completing all security audits of information systems and infrastructure equipment. S/he must have knowledge of Army computer network defense with a strong understanding of the lifecycle of network threats, typical attack vectors, and network and system vulnerability exploitation. The CISD will collaborate with the ACE-IT CIRT and the Engineering Design Directorate towards integrating security into the System Development Life Cycle of different development groups across the Computer Network Defense.
MAJOR JOB ACTIVITIES:
1. Works with and assists the SOC and IA staff with general daily security activities such as (but not limited to):
a. Oversight of service requests ensuring teams are performing to standard
b. Supporting the CNDSP for forensics information and incident handling
c. Monitoring of the overall security posture of the Enterprise, understanding how security events impact it
d. Oversight of incident response, ensuring responses are accurate and addressing the concern per standards
e. Overall security assessments, reporting requirements, making sure teams are meeting service level requirements (SLR) associated with information security on the enterprise
2. Supports the IA staff with policy and compliance doctrine; contributes to and maintains security standards documentation on the program that is aligned with ACE-IT directives and goals.
3. Routinely reviews and suggests updates for security controls through recommendations of new policies, procedures and technical solutions designed to enhance overall enterprise security.
7. Documents and reports incidents from initial detection through final resolution using standard DoD incident reporting channels and methods (refer to CJCSM 6510.01B “Cyber Incident Handling Program” dated 10 July 2012 or later). Briefs incident details as necessary to ACE-IT Senior leadership, up to and including the Director, and determines all means by which to resolve any incidents as quickly and effectively as possible.
8. Responsible for management oversight of testing of IA policies and security controls against the level of risk associated with said policies, and then responsible for modifying and keeping those policies updated with the aid and support of the SOC and IA teams.
9. Coordinates with USACE Cyber Security Team on all security related items as required, including risk assessments as well as design and implementation of breach or high-risk resolution solutions.
10. Monitors open source feeds and reporting on the latest threats against computer network defenses, and demonstrates clear capabilities of learning the interface, customization, language acceptance, and logic of new CND related tools as ACE-IT acquires them.
11. Key responsibility is to ensure all appropriate security safeguards, policies, procedures are designed and deployed to meet ACE-IT and program standards.
12. Provides technical expertise regarding the defense of government information systems and networks.
13. Manages the monitoring of intrusion detection and security information management systems to discover and mitigate malicious activity on enterprise networks.
14. Ensures CNDSP staff follow computer incident handling procedures to isolate and investigate potential network information system compromises.
15. Oversees performance of malware and/or forensic analysis as part of the incident management process.
16. Supports the design and integration of custom rules and reports into proper security tools and data collection architectures.
17. Evaluates reports that identify risks to computer systems and makes written and verbal remediation recommendations to senior program staff as well as ACE-IT leadership.
18. Ensures timely and appropriate team response to General Service Incidents: Service and infrastructure related incidents (loss of service, poor performance, and service anomalies) IAW contract and DoD standards.
19. Maintains response oversight for Electronic Spillage incidents where classified, Personally Identifiable Information (PII), Controlled Unclassified Information (CUI), or Networks of Interest (NOI) information is introduced onto an IT system or network that is not authorized to hold or process such data.
20. Ensures response to unauthorized disclosure: any incident where information, data, or files have been made available to a person or persons who do not have authorized access.
21. Responds to requirements associated with Information Operations Conditions (INFOCON) and higher HQ direction.
22. Supports investigation activities associated with complex incidents requiring more in-depth data collection for command or law enforcement issues.
23. Supports Security Incident Response to include: Perimeter Configuration Incidents; Security Events to address actual or potential CND events or identified threats; end user level intrusions or rogue systems; vulnerability identification and mitigation; and Mission Assurance Incidents impacting IT systems or networks.
24. Coordinates with CNDSPs to develop incident response and reporting and policy updates as needed IAW ACE-IT CIRT.
25. Manages and works in close coordination with the Information Assurance team and SOC to appropriately resolve daily incidents.
26. Ensures new employees are oriented to the Security organization and responsibilities to the customer.
27. Periodically reviews training requirements for personnel and ensures they are maintaining DoD requirements for their positions.
28. Acts as POC for all Company ACE-IT Cyber Security decisions as approved by or in collaboration with DoD, Army, ACE for ACE-IT Program by Program Manager.
29. Provides supervisory guidance to Cyber Security staff regarding all matters relating to Computer Network Defense and Information Assurance (to include: protocol changes/updates, training, certification enhancements, etc.), acts as lead in staffing and hiring determinations related to the Cyber team in relationship to meeting customer service expectations and conducts annual performance evaluations, conducts promotional as well as disciplinary activities as necessary to maintain a functionally successful team.
30. Ensures that staff follow customer, DoD, Army, Company policies and procedures.
Bachelor’s degree in computer science, information systems, or related field required
10+ years of work experience in an IT/Operations role with:
7+ years of IT Security and CND experience (Army/DOD experience required)
4+ years of experience in IT Audit, IT Risk Management or IT Compliance
3+ years of professional IT management experience
Advanced knowledge of enterprise and IT security risk management concepts
Industry Certification of at least one of the following: (CISM, CISA, CRISC, CISSP, GEHC)
*This position requires DoDI 8570.01-M CNDSP Incident Responder certification and corresponding Computing Environment certification.
∙ Top Secret Clearance based on a SSBI and able to meet the requirements of DCID 6/4
∙ Demonstrate expert-level knowledge in planning, directing, and managing projects/operations in an organization similar in size to this acquisition;
∙ Demonstrate expert-level knowledge of Army, DOD and industry accepted policies, standards, best practices, and regulations related to Cyber Security CND;
∙ Demonstrate experience with researching and fielding new and innovative technology
∙ Experience identifying and resolving security issues on complex systems and enterprise environments
∙ Knowledge of NIST Frameworks, ISO standards and executive security policies, standards and regulations pertaining to a DoD environment.
∙ Knowledge and experience with security tools used by ACE-IT: ArcSight, Splunk, HBSS, Maltego, CyberArk, and FireEye
∙ Experience conducting forensic analysis and investigations using tools such as EnCase and those listed above.
∙ Understanding and knowledge of how attackers use tunneling and covert channels to cover their tracks on a network, and the strategies involved in defending against them.
∙ Clear understanding of how attackers hide files and directories on Windows and Linux hosts and how they attempt to cover their tracks.
∙ Comprehensive understanding of different kinds of Denial of Service (DoS) attacks and how to defend against them.
∙ Experience with log monitoring, analysis and correlation
∙ Experience managing a SIEM
∙ Experience conducting network, system and malware analysis and reporting findings, assisting with vulnerability mitigation strategy and execution.
∙ 8570 Compliant with an approved Computing Environment Certification; and an OS certification; CISSP, CASP, CISM
∙ Excellent written and verbal communication skills with good organizational and project management skills with the ability to lead a team
∙ Experience in a role requiring leadership skills and the ability to influence without authority
∙ Ability to interact with personnel on all levels to resolve issues and provide solutions in a timely manner
∙ Strong sense of ownership and drive. Acts without being told what to do
∙ Superb written and verbal communication skills
∙ Excellent organizational, presentation, and collaboration skills
∙ Advanced technical, analytical and problem solving skills
Supervises a team of Cyber Security and CNDSP experts; may be responsible for working with Program Leadership to develop budgets related to security testing, application devices, training, and related cyber security needs, as well as for management of staff-based costs.
Yes, 20% of the time