Network/Security Engineer

CT-8035 (912090125)Network/Security Engineer with CCSA, CEH, CCSA, CISM, CISSP, GSEC and Security+ experienceLocation: Hartford, CTDuration: 12 monthsSkills:Security CCNP+ (security) NoSecurity CCSA (security) NoSecurity CEH (security) NoSecurity CISM (security) NoSecurity CISSP (security) NoSecurity GSEC (security) NoSecurity Security+>9 yrs exp Experience as a practitioner in the field of IT Security required. Minimum three (3) years of experience in designing and managing the implementation of Information System Security projects at the State or Federal Government levels preferred. Certified Information Systems Security Professional (“CISSP”) or Certified Information Security Manager (“CISM”) certifications required. Additional security certifications such as Certified Information Systems Auditor (“CISA”), Certified Secure Software Lifecycle Professional (“CSSLP”), Certified Authorization Professional (“CAP”), Certified HIPPA Security Professional (“CHSP”), GIAC HIPAA Security Certificate (“GHSC”) or Certified HIPPA Security Specialist (“CHSS”) preferred. • Strong demonstrable working knowledge of the Federal Information Security Management Act (“FISMA”) Information Security Governance Standards and the National Institute of Standards and Technology (“NIST”) Information Systems Risk Management guidelines. • Strong demonstrable working knowledge of the Health Insurance Portability and Accountability Act (“HIPAA”), Internal Revenue Service (“IRS”) and Social Security Administration (“SSA”) security regulations required. • Strong working knowledge of Best Practices regarding physical security evaluations. • Strong working knowledge of IT Security Best Practices regarding Data Networks and Networking, including but not limited to protocol analysis, anomaly detection, data loss prevention, intrusion prevention/detection and troubleshooting preferred. • Strong working knowledge of IT Security best practices regarding Windows and nix Servers preferred. • Strong working knowledge of IT Security Best Practices required regarding Relational Databases. Working experience at the State or Federal Government level is required in the following categories: • NIST guidelines and Federal Information Processing Standard (“FIPS”) certification requirements regarding the testing, selection, implementation and management of encryption technologies. • The development, maintenance and implementation of Federal Information Security Management Act (“FISMA”)/ NIST based Information System Risk Management methodologies, including but not limited to Risk Analyses methodologies, Data Classification Analyses, Control Analyses. • The management and successful completion of NIST based Risk Analyses. • The facilitation of workgroup meetings in specific Information Security areas of interest. • The interpretation and analysis of State and Federal Information Security regulatory requirements- experience with HIPAA, IRS and SSA regulatory environments preferred. • The provision of cost effective regulatory compliance solutions. • The development, maintenance, and implementation of project plans in accordance with standard project management methodologies. • The planning and analysis of Vulnerability Scans of wired and wireless data networks, Windows workstations, Windows and nix File Servers, Relational Databases and Web based applications.The scope of work requires senior IS/IT security specialists to collaborate with DOL stakeholders and prepare the following deliverables:Regulatory Compliance Reporting:Safeguard Security Report (SSR) and the Corrective Action Plan (CAP) regulatory compliance reporting packages ready for submission to the IRS prescribed due date of March 31st, 2022.Annual SQSP IT remediation.The semi-annual CAP reports on the remediation status of open findings from the IRS’ on-site audit.Develop IT policies and security proceduresDevelop a Risk assessment process for all systems that receive, process, store or transmit FTIDevelop an agency Incident Response PlanIRS Notification Reporting – 45 days ahead of the planned technology implementation, notification of activities that involve FTI – cloud computing.Redesign of the DOL Plan of Action and MilestonesSafeguard Security Report (SSR) and the Corrective Action Plan (CAP) regulatory compliance reporting packages ready for submission to the IRS.NOTE: Duration may be reduced or extended based on the completion of the project plan.CTE-RTRdoc