Security Specialist
Wheat Ridge, CO

Job Description

Security Specialist

Wheat Ridge, CO

Overview

The Security Specialist within SLI Compliance provides day-to-day execution of the tasks necessary for operations and delivery of software and hardware security test engineering services to product manufacturers operating within the regulated voting and health IT industries. The Specialist ensures that voting system and electronic health record testing services meet rigorous federally defined security standards, which enables certification that the system satisfies the standards and that related system functionality operates in accordance with design requirements and specifications.

Duties and Responsibilities

* Provides assurance of quality throughout all security test activities and engenders confidence that the testing and related results are reliable and repeatable; maintains organized records of test activities and results
* Ensures continuous quality improvement of laboratory practices, including the development, modification, and enhancement of SLI Standard Lab Procedures (SLPs) and Test Methods (TMs)
* Communicates and enforces the policies and methodologies of SLI, including consistent adherence to formal SLPs and TMs
* Researches best practices in security test engineering and security test tools to ensure that SLI is applying these practices/tools and remaining a leader in test compliance-related industries
* Remains current with all vulnerabilities and security risks associated with client hardware, operating system and application software, all applicable federal election regulations, applicable state and local election regulations, and information provided to voting system test labs by the
* Election Assistance Commission (EAC) and with all applicable regulations and information provided to authorized testing bodies by the Office of the National Coordinator for Health Information Technology (ONC)
* Ensures that all laboratory processes,procedures, and practices conform to EAC, ONC and NVLAP policies and directives
* Maintains all laboratory hardware and software currently used for testing
* Develops and maintains all security test plans, procedures, and test data
* Validates, maintains and uses security test tools
* Uses test management tools for managing and maintaining test specifications and test traceability
* Performs other duties/tasks as assigned.

Job Specifications

* A technical 4-year degree in computer science, computer information systems, or engineering is recommended but substantial experience

can be substituted
* 3-5 years experience in the Enterprise Security space including experience within the following domains: encryption technologies, LAN/WAN/MAN security concepts, risk analysis, OS/database/application security concepts, identity management and workflow concepts, system, network, database and web administration
* 3+ years experience in the area of software development is a plus
* (ISC)2 (such as CISSP) and/or SANS equivalent certification is preferred; if the individual does not have this upon hire, he/she will be required to obtain this within 1 year post hire
* Well versed in the areas of NIST guidelines (such as the CSRC Special Publication series and Federal Information Processing Standards)
* Ability to create and maintain environments of various types (including Microsoft operating systems, Unix operating systems and various flavors of linux operating systems, as well as associated local area network configuration setup)
* Excellent oral and written communication skills, including the ability to present yourself in a professional manner at all times, but more specifically, at seminars, client meetings, and conferences
* Ability to understand and demonstrate to clients our corporate capabilities to meet client needs and expectations
* Excellent project management skills including the ability to translate project technical security needs into a task list, a required hardware and tool list, a project schedule, a schedule of resource needs, create test cases, perform tests, and document results
* Intermediate to advanced experience with common Security tools / security distributions (Such as Nessus, Wireshark, Burp Suite, Metasploit, Kali Linux, backbox, Parrot Security OS)
* Exposure to Security frameworks (COBIT, ISO 27000, NIST SP 800 Series, NIST Cyber security framework.)