Sr. Cyber Security Specialist
Posted on Aug 13, 2019 by Parsons
Centreville VA / Virtual
Parsons delivers innovative solutions around the globe that make the world safer, healthier, and more connected. Founded in 1944, Parsons Corporation, a digitally enabled solutions provider, is focused on the defense, intelligence, security, and infrastructure markets. We are uniquely qualified to deliver cyber/converged security, technology-based intellectual property, and other innovative services to federal, regional, and local government agencies, as well as to private industrial customers worldwide.
Do you work in a team setting the bar for cyber-physical security? Are you passionate about cybersecurity, cyber-physical systems hygiene, cloud and mobility technology, risk management, information governance, and continuous improvement? If you are an experienced professional who is willing to take initiative, can speak business and IT, and uses advanced techniques to identify and resolve complex security, privacy and supply chain risks in government and commercial space, this role may be perfect for you. Parsons Corporate Security is searching for a Senior Cybersecurity Specialist in support of our Risk & Compliance practice. In this role, you will work with a team of experienced professionals to define standards that meet our corporate objectives and our legal, regulatory and contractual requirements; engineer or assess systems and processes to identify security, privacy and supply chain risks; and develop actionable results. The focus for the Senior Cybersecurity Specialist is the unclassified corporate and project networks, but the role may also contribute to the cybersecurity of classified environments, including supporting new business development activities and contract execution environments.
- Understands and maps legal, regulatory and contractual requirements, cyber-physical best practices and industry standards to organizational policies.
- Develops and maintains cybersecurity plans, policies, standards, and procedures to support and align with organizational cybersecurity initiatives and regulatory compliance. When no standard or technical specification exists, supports the responsible function in its development by validating approach and baseline configuration to ensure it meets our requirements.
- Evaluates and supports the documentation, validation, assessment, and authorization processes necessary to assure that existing and new information technology (IT) systems, third party vendors and subcontractors, meet the organization's cybersecurity and risk requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
- Conducts independent, comprehensive assessments of business processes and information technology and its components to determine compliance with published standards, emerging threats, vulnerabilities, and business and contractual impacts. Assesses controls and control enhancements employed by or inherited by a system to determine overall effectiveness. Conducts tests of systems to evaluate compliance with specifications and requirements.
- Responds to external and internal customers on Parsons' ability to provide adequate security and compliance against specific standards such as NIST 800-53, NIST 800-171, ISO 27001, FedRAMP, NERC CIP, and specific customer requirements.
- Determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
- Responsible for the research, design, development, and implementation of cyber security/protection technologies for Parsons information and process systems/applications. Analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.
- Works with IT and suppliers to develop technical solutions for computer security needs and makes recommendations to senior management.
- Monitors external data sources to maintain knowledge of threat conditions and determine which security issues may have an impact on the enterprise. Identifies and mitigates threats and vulnerabilities that are associated with potentially compromising corporate and client data.
- Supports the RESPOND team with the investigation of computer security incidents to determine business, legal and contractual impacts, and with compliance reporting externally to government and clients.
- Conducts highly complex analysis of computer protection measures and creates metrics and measurement tools.
- Serves on project teams and internal committees to represent cybersecurity interests.
- Provides mentorship to less experienced Cybersecurity Analysts.
- 4-year degree in Computer Science (or equivalent experience)
- At least 8-10 years of experience as security architect, security engineer, risk analyst, compliance assessor and/or systems analyst and/or programming
- Experience with NIST Risk Management Framework and Special Publications NIST 800-171, 800-53; ISO 27001/2 preferred. Familiarity with various network and host-based security tools, cloud security configurations, GRC tools is desirable.
- An equivalent combination of work experience and education may also meet the requirements for this job. Government clearance desirable.
- One of the following is required: Certified Information Systems Security Professional (CISSP), Information Systems Security Engineering Professional (CISSP-ISSEP), Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), Systems and Network Auditor (GSNA), Critical Infrastructure Protection (GCIP), ISO27001 Certified ISMS Lead Implementer, ISO27001 Certified ISMS Lead Auditor.
- US Citizenship required.
- Strong ability to analyze information security events and make recommendations to team members and management for resolution.
- Strong analytical and problem-solving skills with ability to accurately evaluate current security procedures and develop plans for remedying any identified areas of weakness.
- Experience and in-depth technical knowledge of developing technical configurations and policies in network technologies (MPLS, VPN, Wireless), boundary protection and cloud extensions (Intrusion Detection System, Intrusion Prevention System, Firewalls, Proxies, Email Gateways, etc.), and device and user authentication (digital signatures, multi-factor authentication technologies); implementing security controls; assessing for compliance with various industry standards; monitoring security tools to identify risks/issues; and correlating multiple sources of information to recommend remediations/risk acceptance.
- Exposure to cloud security, mobility security, and virtualization/containerization strategies is desirable.
- Familiarity with governance, risk and compliance (GRC) platforms is desirable.
- Understanding of NIST SP 800-171, 800-53, FedRAMP and related special publications and their impacts on a commercial organization. Familiarity with ISO 27000-series, ISO 27001/27002, SOX, COBIT, NERC-CIP or other information security control frameworks.
- Good interpersonal, written, oral communication, and presentation skills to both internal and external customers and senior management.
- Ability to provide guidance, mentoring, and constructive feedback as necessary.
Ready for action? We're looking for the kind of people who see this opportunity and don't hesitate to act. Parsons is a leader in the world of Technical Services and Engineering. We hire people with a broad set of technical skills who have proven experience tackling some of the greatest challenges. Take your next step and apply today.
Parsons is a digitally enabled solutions provider focused on the defense, security, and infrastructure markets. With nearly 75 years of experience, Parsons is uniquely qualified to deliver cyber/converged security, technology-based intellectual property, and other innovative services to federal, regional, and local government agencies, as well as to private industrial customers worldwide.
Parsons is an equal opportunity, drug-free employer committed to diversity in the workplace. Minority/Female/Disabled/Protected Veteran/LGBT.
For more about Parsons, visit parsons.com and follow us on Facebook, Twitter, LinkedIn, and YouTube.