Job ID 2019-3098
OBXtek Inc. is an established, award-winning, service disabled veteran owned business providing information technology and professional management services to the federal government. Our corporate growth has coincided with our investment in our employees as well as in outreach to our civilian and military community.
OBXtek is currently staffing for a Security Risk Manager to provide operational risk management support for EITS managed systems and services for the Department of Energy. Evaluate computer systems and network security risks and submit recommendations to reduce, mitigate, or completely eliminate risk. Help to identify threats, vulnerabilities, and possible or known attacks and attack vectors, and then recommend corrective actions to minimize impact to systems, services and network resources.
Tasks include the following:
Provide integrated support to EITS system and application owners and assist Information System Security Officers (ISSO), as well as support reporting, briefings and analysis.
Provide support and assistance during audits and data calls.
Perform vulnerability assessment scans for EITS managed assets, systems and services and report any anomalies, unapproved system configurations, and detected vulnerabilities.
Perform as liaison for all independent audits by outside entities and assist in the analysis and resolution of audit findings and management responses to audit findings.
Perform vulnerability assessment and management oversight activities for assets in the managed Enterprise
Perform periodic and ad-hoc scans as required from time to time to support A&A activities.
Work with system and application owners to assess and remove suspected or confirmed false positives and duplicates and prepare the findings in a report.
Provide reporting of the highest risk systems for each defined system categorization group.
Prepare and deliver vulnerability and patch management briefings
Monitor the status of POA&M items and notify the specific system or enclave owner if POA&Ms are not completed or are overdue.
Perform risk management activities to include Risk Framing, Risk Assessment, Risk Response and Risk Monitoring
Evaluate proposed changes for potentially adverse effects on the security posture and risk level.
Evaluate all newly deployed servers and applications in the environment and verify that the asset has been cleared and is free of vulnerabilities, that any reported vulnerabilities have been mitigated, and that STIGs have been properly applied.
Identify risk mitigation requirements and recommendations.
7 years of Information Assurance cybersecurity experience.
4 years of experience applying NIST policy, direction, and guidance to customer environments.
Must have MS Certification for Windows 7, 8 or newer.
In addition, experience with:
Network/system architecture design and implementation
Security configuration with Microsoft servers, Red Hat Linux Enterprise OS, and Unix OS
VMWare, database and border device security.
Host Based Security System monitoring
Auditing system accounts, security logs, and system and network anomalies
Headquartered in Tysons Corner, Virginia and founded in 2009, OBXtek is a fast-growing leader in the government contracting field. Our mission is Our People...Our Reputation. Our people are trained professionals who enhance our customers' knowledge and innovation using technology, collaboration, and education.
We offer a robust suite of benefits including comprehensive medical, dental and vision plans, Flexible Spending Accounts, matching 401K, paid time off, tuition reimbursement plans and much more.
As a prime contractor for 93% of our current work, OBXtek pairs lessons learned across disciplines with industry standard quality practices such as CMMI-Dev Level III, ITIL, 6Sigma, PMI, and ISO. Our rapid growth has been recognized by INC500, the Washington Business Journal, and Washington Technology magazine.
OBXtek is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, age, national origin, gender identity, disability, veteran status, sexual orientation or any other classification protected by federal, state or local law.
OBXtek is a human-driven cybersecurity, logistics, intelligence, and information technology company that pledges excellence and honesty throughout our engagements. OBXtek's accomplished teams have an established reputation for consistently and efficiently achieving goals for our portfolio of federal government customers.