Position Summary

Join a growing, fast-paced and high-performance small business. Information security is an integral part of our corporate foundation and culture. The successful candidate will work on a project team on site with the client in Stafford, VA supporting Archer eGRC development and implementation for a federal customer. You'll be working directly with the Archer eGRC application in support of global development and implementation and RSA Archer support to implement and establish continuous improvement and expansion on the Archer platform. This role will coordinate among enterprise stakeholders to ensure the RSA Archer solution meets requirements and deliverables for a world class risk management tool.

Responsibilities

• Supply recommendations and SME knowledge for the continued development of the Cyber Security RSA Archer platform


• Integrate and maintain multiple data feeds of external data into the RSA Archer platform


• Provide administration for the Archer implementation


• Serve as the SME for the configuration of Archer during upgrades, patching and across testing and production environments


• Team with data analysts, security SMEs to develop dashboards and produce key information for executive and leadership reporting and decision making


• Work with teams to produce actuate key security metrics for IT assessments


• Maintain in-depth knowledge of relevant policies, security standards, processes and controls


• Produce trending and analytics on demand using legacy data


• Engage where needed to implement ratings, risk rankings, and prioritization from both internal and external sources


• Interpret legal, compliance and privacy feedback on the Archer tool and data, implement controls and safeguards


• Work with external vendors and consultants on global delivery and implementation teams which impact Archer efforts


• Assist coordination and implementation of appropriate Cyber Security governance, metrics collection, and reporting capabilities globally


• Provide consultancy for analysis and identification of broader systemic issues based on results of security metrics


• Provide guidance on implementing Cyber objectives through the Archer tool, maintain mappings of specific corporate controls


• Interact and assist other investigative teams on time sensitive, critical investigations

Requirements

• Bachelor’s Degree in Cyber Security, Information Security, or Computer Science (or related field) or equivalent work experience


• 5+ years of experience in Information Security with experience in Cyber Security, Vulnerability Management, Security Configuration Management, Web Application Security, eGRC, security dashboards, security analytics and metrics development


• 5+ years in audit, risk management, governance and/ or compliance function desired


• Hands on development with the RSA Archer eGRC solution for a global organization


• Familiar with Security Single Pane of Glass implementations or frameworks


• Experience in designing, implementing and/or managing Cybersecurity dashboard, security based eGRC, or Security Analytics and Metrics portal


• Deep understanding of Cyber Security workflow and process methodology


• Comfortable working with security data to include Vulnerability scans, Application scans, Policy Compliance, Incidents and Threat feeds


• Training and evangelizing information security to Executive leaders, Engineers and Users.


• Extensive knowledge and experience with diverse IT architectures and enterprise IT data centers, large scale transaction processing environments, external hosted services and cloud computing environments. Extensive knowledge and experience with physical and virtual server configurations and implementations.


• Extensive experience working with perimeter technologies and security tools.


• Extensive knowledge of configuration management, change control/problem management integration, risk assessment and acceptance, exception management and security baselines


• Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVS) and Open Web Application Security Project (OWASP) processes and remediation recommendations.


• Moderate to strong scripting/programming skills and familiarity with ethical hacking beneficial


• Experience working in a team of security subject matter experts


• RSA Certified Administrator Certification


• Scripting skills (Java, Python, Perl, Ruby, Python, C/C++)

• Current DoD Secret clearance


• M.S. Degree in related field


• Security and relevant IT-related certifications a plus: CISSP, CRISC, GIAC, CCIE, CCNP, ITIL etc…