About Oxley Enterprises®, Inc.
Oxley Enterprises®, Inc. is an economically disadvantaged woman-owned, service-disabled veteran-owned, small disadvantaged business consulting company helping organizations improve performance, enhance productivity, and increase overall organizational effectiveness through strategic planning, performance management, quality management, process management, project management, human capital development, transformational workshops, IT Benchmarking, and information technology integration.
Oxley provides dynamic, mission-aligned strategies and solutions to help organizations across the spectrum of business and government address these challenges today and thrive tomorrow. Oxley professionals apply a diverse knowledge of process and technical consultation experience to support organizations in identifying business and program needs, and maximizing return on investment. Oxley is dedicated to providing each and every client with a full range of management consulting services and continuous learning and improvement opportunities to help them expand both their capacities and capabilities. Oxley has experience within government organizations specifically geared toward improving the performance, quality, timeliness and efficiency of processes, programs and strategies.
The Information Assurance Specialist/Advisor Security Control Assessor is responsible for supporting the NGA Enterprise Support to Management and Resources for Technical Services (ESMARTS) program. Provide Information System Security Engineer (ISSE) services to information system owners as determined by the Director, Risk Management Division. Apply best practices and processes of capturing, refining, and assisting in prioritization of requirements based on risk, engineering principles, and mission requirements. Produce purposeful security architecture, design, development, and configuration of information systems that facilitate secure mission systems.
Minimum/General Experience: Minimum of 10 years’ experience in systems engineering, requirements analysis, system development, software development, or hardware development as applied to the cybersecurity, information assurance or related field; candidate must have experience with application of security controls to information systems.
Minimum Education: Master’s Degree (Computer Science, Management Information Systems or Other Related Field)
Security: Active Top Secret/SCI clearance and the ability to pass a CI polygraph within 60 days of hire
Duties and Responsibilities:
- Provide ISOs guidance, requirements understanding, and options to support technical security engineering and capability-based security analysis of system security architectures, identify vulnerabilities, and provide suggested mitigation alternatives.
- Participate in design, development, and implementation of information systems to ensure these systems are in compliance with required security features and safeguards.
- Propose categorization of information systems based on types of information processed, in conjunction with DAO Liaisons, and ISOs. Identify improved or equal security features and safeguards provided for system enhancements.
- Analyze IA policies, procedures, and requirements and provide security recommendations for the operational functionality of systems or proposed capabilities in sufficient detail to support the development of interoperable, standard, and compatible systems.
- Coordinate with appropriate SCAs early in the engineering design phase for ongoing coordination, understanding in development and application of security controls, and security tradeoffs and other decisions.
- Provide technical assistance to the government efforts to conduct cost/benefit analysis for security design decisions.
- Perform security engineering analysis and documentation reviews to validate that government IA policies, procedures, and requirements are met.
- Provide technical guidance in security design reviews, and analyze vendor documentation for government and commercial solutions.
- Oversee and report compliance with system security plans on all NGA’s information stores, systems and networks on a regular (at least quarterly) basis, review audit logs for security-significant issues and events, and advise government PM on a weekly basis.
- Provide network services engineering expertise in support of strategic defense of essential network infrastructures and operations against compromise by ensuring integrity and robustness of interconnections between networks of different security domains. Ensure information systems are designed, developed, and implemented with required security features and safeguards.
- Provide cross domain system security control guidance to developers.
Essential Job Qualifications (skills, knowledge, experience)
- Active Top Secret/SCI clearance
- U.S. Citizenship
- Master’s Degree (Computer Science, Management Information Systems or Other Related Field)
- Knowledge and experience in security disciplines including, but not limited to, information systems security, operations security, administrative security, personnel security, physical security and communications security.
- Knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation
- Knowledge of DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures
- Knowledge of DoD/IC system security control requirements, roles, missions, and operational enterprise architecture
- Knowledge of Information Assurance architecture frameworks, including the IC IA Architecture Reference Model.
- Knowledge of network security architecture concepts, including topology, protocols, components, and principles
- Knowledge of the System Development Lifecycle
- Knowledge of IT supply chain security/risk management policies, requirements, and procedures
- Knowledge of information security systems engineering principles and virtual machine technology
- Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
- Knowledge of network access, identity, and access management (e.g., PKI)
- Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools
- Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization guidelines) relating to system design
- Knowledge of Privacy Impact Assessments (PIA) and Personally Identifiable Information (PII)
- Knowledge and experience with XACTA, including understanding workflow
- Knowledge, skills, and experience in Systems Engineering principles, requirements analysis, system development (software and hardware)
- Skill in translating security requirements into functional requirements and options for developers
- Skill in security control inheritance from enterprise security services and communicating these to developers
- Skill in creating policies that reflect system security objectives
- Skill in designing countermeasures to identified security risks
- Skill in designing security controls based on IA principles and tenets
- Skill in designing the integration of hardware and software solutions
- Skill in discerning the protection needs (i.e., security controls) of information systems and networks
- Ability to evaluate the adequacy of security designs
- Ability to use design modeling (e.g., unified modeling language)
- Ability to develop and apply security system access controls
- Ability to conduct audits or reviews of technical systems
- Ability to conduct vulnerability scans and recognize vulnerabilities in security systems
- Ability to establish effective working relationships internally and externally to the Agency
Please submit resume, cover letter, and salary requirements to firstname.lastname@example.org.
Visit our website at www.oxleyenterprises.com to learn more about our organization.
Oxley Enterprises®, Inc. is an equal opportunity employer.