System Administrator III/Security Architecture Support
Posted on Nov 5, 2020 by Octo Consulting Group
Octo Consulting Group (Octo) is an industry-leading, award-winning provider of digital services for the federal government. Octo specializes in providing agile software engineering, user experience design, cloud services, and digital strategy services that address government's most pressing missions. Octo delivers intelligent solutions and rapid results, yielding lower costs and measurable outcomes.
Our team is what makes Octo great. At Octo you'll work beside some of the smartest and most accomplished staff you'll find in your career. Octo offers fantastic benefits and an amazing workplace culture where you will feel valued while you perform mission critical work for our government. Voted one of the region's best places to work multiple times, Octo is an employer of choice!
As a System Administrator III/Security Architecture Support, you'll supervise and manage the daily activities of configuration and operation of systems which may be mainframe, mini, or client/server based. Plan and monitor the optimizing of system operation and resource utilization and perform systems capacity analysis and planning. Plan and monitor assistance to users in accessing and using business systems. The following are the detailed (but not limited to) tasks you will perform:
System Administration activities include, but are not limited to:
Provide strategic thought leadership and verbal briefings related to security administration, risk identification and mitigation and emerging industry issues and best practices;
Implement, administer, and optimize security measures/tools for the protection of computer systems, networks, and information;
Configure and troubleshoot security infrastructure devices, including hardware, software, and application issues;
Monitor and maintain the infrastructure supporting capabilities;
Monitor and tune (as required) the performance of the Servers or services that comprise the security tools suite;
Administer security systems and all security devices to ensure confidentiality, integrity, and availability;
Update security tools and sensors with the latest signatures and patches in support of security monitoring and incident response;
Perform and verify backup of all security systems;
Update documentation and artifacts regarding management and architecture of security infrastructure and make them available as needed;
Perform Security Infrastructure administration;
Support the Security Artifact/Authority to Operate (ATO) Tracking System; and
Provide in-depth product and tools research on emerging technologies and support the customization required to integrate within the organization.
Maintain liaison and collaboration efforts with the Program Manager and other designated responsible officials in support of Risk Management activities.
We were founded as a fresh alternative in the Government Consulting Community and are dedicated to the belief that results are a product of analytical thinking, agile design principles and that solutions are built in collaboration with, not for, our customers. This mantra drives us to succeed and act as true partners in advancing our client's missions.
The program you will be working on will provide Information Security Program Support Services to preserve the National Institutes of Health (NIH) information, prevent data breaches, and support the following:
Enterprise information security governance, communications, program and project management, and security metrics and reporting;
Threat identification and incident handling, including security event detection and situational awareness;
Security awareness, education, and training;
Asset and inventory management, including both internal, external, and cloud systems;
Vulnerability assessment and mitigation, including vulnerability scanning, security configuration development and scanning, and internal and external penetration testing;
Continuous Diagnostics and Mitigation (CDM);
Risk management, audit coordination, and corrective plan management;
Systems security assessment and authorization and plan of action and milestones (POA&M) management;
Security policy, standards and guidance formulation and oversight.
Skills & Requirements
Experience with various Enterprise level Security Administration tools and processes;
Experience with day-to-day administration of various Computing platforms and Operating Systems;
Experience with Enterprise security audits and assessments including log collection, aggregation, analysis and reporting;
Experience with contingency planning support for emergency restoration and disaster recovery;
Experience with providing technical content for various Security Artifacts (e.g., SSP, System Administration and Engineering Gaps Remediation Reports, Test Analysis Reports, System Uptime Statistics, Tool Maintenance Logs, Configuration Management Data, Custom signatures and scripts, etc.);
Experience with managing Authority to Operate (ATO) related processes and tasks (e.g., POA&M, Action list, CI, etc.);
Applicable knowledge of the NIST SP 800-37 R2, Risk Management Framework (RMF) for Information Systems and Organizations and applicable NIST Special Publications especially for ATO and continuous improvement;
Intimate knowledge of the NIST Cybersecurity Framework (CSF); and
Strong communication, data collection, analysis and reporting skills.
Experience in enterprise level implementation of NIST SP 800-37 R2, Risk Management Framework (RMF) and NIST Cybersecurity Framework (CSF)
Experience in NIST CSF Assessments and Maturity models to develop task roadmaps; and
Able to think outside the box and provide innovative and positive recommendations for improvements to Security Architecture management, risk and issue mitigation and proactive design.
Years of Experience: 5+ years of experience in the detailed task areas
Education: Bachelor's degree in Business, Information Technology, Computer Science, Mathematics, or equivalent degree (Technical Discipline preferred). The equivalent combination of education, professional training or work experience substituting each year of education with 1 year of experience (e.g., an Associate's degree with 7+ years of experience) will be acceptable. One or more of the following certifications are required (multiple preferred):
Certified Information Systems Security Professional (CISSP) - ISC2 - Preferred;
Microsoft Certified Solution Expert (MCSE) - Microsoft - Preferred;
Microsoft Certified Solutions Associate (MCSA) - Microsoft;
Red Hat Certified System Administrator (RHCSA) - Red Hat
CompTIA Linux+ - CompTIA;
CompTIA Advanced Security Practitioner (CASP+) - CompTIA.
Location: Bethesda, MD (Remote work option during Covid-19 restrictions).
Clearance: U.S. Citizenship required and ability to attain a Level 6: Public Trust - High Risk clearance which must undergo a Suitability Determination that includes a Background Investigation (BI) with Periodic Reinvestigation (PRI) every ten years.