• Sr. Information Assurance Subject Matter Expert

    Job Locations US-DC
    Job ID
    # of Openings
    Information Technology
    Work Authorization
    US Citizens, preferred
  • Overview

    VariQ is seeking a Sr. Information Assurance Subject Matter Expert.


    Additional Information:

    • Location: St. Elizabeth's campus in Washington, DC
    • Salary: Dependent upon experience
    • Security Clearance:Active TS (DoD) is required, and an active DHS EOD 6c clearance is HIGHLY desired
    • Available: ASAP



    • Work with other information and physical security system security personnel; IT Operations and Enterprise Management System engineering teams and others to implement; refine and maintain an appropriate vulnerability and patch management security program
    • Manage the St. Elizabeth’s Vulnerability Management Team tasked with:
    • Defining/supporting DHS vulnerability management and security assessment standards and metrics
    • Conducting and maintaining vulnerability scanning on networks; systems and applications
    • Producing actionable; risk-based reports on security assessment results
    • Managing; training and mentoring more junior team members
    • Assisting with vulnerability remediation when necessary
    • Developing and maintaining security plans and security testing plans
    • Deliver expected results based on appropriate FISMA score category targets across 7 of 11 security automation domains for Continuous Monitoring of system risk
    • Report directly to IA SME Lead and assist other security life cycle activities as necessary
    • Direct Recertification & Accreditation activities for 8 (eight) discrete IP-based networks and assist IA SME Lead with managing schedule to completion (ATO)
    • Be responsible and accountable for all task and reporting deadlines
    • Continuously improve risk models; metrics; reports; processes; and activities
    • Manages the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.
    • Manages the security of information systems assets and the protection of systems from intentional or inadvertent access or destruction.
    • Supervises assigned staff.
    • Recognizes potential; successful; and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information.
    • Perform preliminary forensic evaluations of internal systems.
    • Interfaces with client to understand their security needs and oversees the development and implementation of procedures to accommodate them.
    • Ensures that the user community understands and adheres to necessary procedures to maintain security.
    • Weighs business needs against security concerns and articulates issues to management and/or customers.
    • Maintains current knowledge of relevant technology as assigned.
    • Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation
    • Maintains current knowledge of relevant technology as assigned.
    • Participates in special projects as required.



    • Bachelor’s Degree in Computer Science or a related technical discipline, or the equivalent combination of education, technical training, or work experience.



    • 10-12 years of information security management experience; preferably in the DoD/DHS/DOE context
    • Advanced knowledge of network security concepts; best practices and procedures including FISMA/NIST RMF and DITSCAP/DIACAP
    • Experience managing vulnerability mitigation and information security process in an enterprise environment
    • Experience managing vulnerability assessment teams
    • Proven ability to Lead customer-facing reporting and negotiation activities
    • Ability to produce and disseminate reports for vulnerability assessments and compliance reporting
    • Strong knowledge of Windows client/server; *NIX systems; VMWare; networking; VTC/ VoIP; device firmware; web/application servers; databases; and network architectures (hands on preferred; manages highly technical team)
    • Ability to manage vendor relationships and track externally dependent patching activities; driving the threat research life cycle
    • Ability to learn complex computing environments quickly; memorization skills desired
    • Broad understanding of all aspects of IT and enterprise systems interoperability (OSI Model; SDLC; ITIL; etc.)
    • Coordinate with other team (SOC; IR; RMD; Ops; Management; etc.) activities as necessary
    • Support threat intelligence activities when required


    Required skills/experience:


    • ISSO experience a must
    • Current DHS HQ Entry on Duty (EOD) holders given preference
    • DoD Top SECRET required
    • Strong communication skills and the ability to work with diverse teams
    • CISSP certification or other DoDI 8570 IAM II required (will consider other management certs e.g.; PMP)


    VariQ is an equal opportunity employer.


    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed