IT Security Lead

Njvc Washington , DC 20319

Posted 1 week ago


Company Job Title:

IT Security Lead


Background Check


Washington, DC

Reports To:

Director of Business Development

FLSA Status:

Exempt, Full Time, Regular


The IT Security Lead will work with NJVC's customer, the Office of the CIO (OCIO) of the Alcohol and Tobacco Tax and Trade Bureau (TTB) under the Department of the Treasury in achieving their mission. The IT Security Lead is responsible for managing all work across program area 5, Information Security.

Duties and Responsibilities:

  • Maintain the InfoSec strategic plan and five-year roadmap;

  • Maintain the InfoSec operating plan and oversee tracking, reporting, and resource allocation of security team tasks, projects and goals;

  • Facilitate project and task status meetings with OCIO staff and other key stakeholders;

  • Outreach activities to the bureau population;

  • Support Enterprise Configuration Control Board (ECCB), Architecture Working Group (AWG) and other security committees;

  • Coordination of penetration testing activities;

  • Assist OCIO staff with FISMA, Public Key Infrastructure (PKI), and other data calls;

  • Assist OCIO staff with implementing changes to IT policies and procedures as needed when government regulations change, as needed to streamline, and/or become obsolete; and

  • Modernize and secure TTB's technology and information resources

  • Improve customer value by increasing the quality and lowering the cost of TTB's IT Products and Services

  • Design user-friendly tools and programs to improve customer service, lower barriers to voluntary compliance, and deliver trusted services

  • provides leadership, guidance, and direction in applying IT resources by adopting the OCIO IT goals as the standard

  • Provide OCIO with the resources providing Information Technology - Program Management (IT-PM) Support Services. These support services are organized into five program areas:

  • Infrastructure and Customer Service

  • Software Development and Maintenance/Software Quality Assurance,

  • Data Management and Architecture/IT Strategic Planning,

  • Acquisitions and Budgeting, and

  • Information Security.

  • Support correction of security program deficiencies.

  • Support TTB Public Key Infrastructure (PKI), smart card and biometric activities;

  • Support implementation and troubleshooting for logical access control systems (LACS), Credentialing Unit (CU) and light Activation Kits (LAK's), using Personal Identity Verification (PIV) cards;

  • responsibility to secure TTB mission critical information system resources, ensure adequate management, operational and technical security controls are implemented to protect the confidentiality, availability and integrity of TTB information system throughout its lifecycle.

  • Provide security architecture support for new and existing infrastructure, application, cloud, and security projects;

  • Provide hands-on, technical design, administration and implementation support for new and existing security tools and solutions;

  • Perform system upgrades to security tools and solutions and ensure no end of life/support products are being used;

  • Perform system/application technical reviews to ensure adequate security controls are included as part of the system/application;

  • Conduct security products/services testing and evaluations;

  • Recommend and implement technical controls/measures to correct system/application security deficiencies;

  • Provide architecture, design, and implementation support for security analytics platform and tools;

  • Provide guidance and oversight of Web Application Firewall (WAF) and source code scanning policies;

  • Support security aspects of Internet Protocol (IP) version 4 to IP version 6 transition planning and implementation; and

  • Research, evaluate, test, and recommend new emerging security tools and technologies to address gaps in security coverage or replacement of old technology.

  • Plan, direct, or coordinate activities in such fields as electronic data processing, information systems, systems analysis, and computer programming

  • Act in a supervisory and leadership role across this work area as well as supporting TTB to maintain its Information Security Program and IT security infrastructure

  • Other duties as assigned

Minimum Qualifications:
(To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)

  • Must be a U.S. Citizen or Lawful Permanent Resident Alien with at least three or more years of U.S. residency from the legal entry date in the U.S.

  • CISSP or equivalent certification

  • Minimum of 10 years professional experience related to Enterprise Network Design and Support:

  • A minimum of 6 years of experience related to information and cyber security / network defense

  • MS or BS w/ additional 2 years of experience

Knowledge, Skills and Abilities:

  • Customer and Personal Service Knowledge of principles and processes for providing customer and personal services. This includes customer needs assessment, meeting quality standards for services, and evaluation of customer satisfaction.

  • Engineering and Technology Knowledge of the practical application of engineering science and technology. This includes applying principles, techniques, procedures, and equipment to the design and production of various goods and services.

  • Penetration testing

  • Technical certification in specialized area of cloud, database, and/or cyber security

Physical Demands: (The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.)

  • While performing the duties of this Job, the employee is regularly required to sit and talk or hear. The employee is frequently required to walk; use hands to finger, handle, or feel and reach with hands and arms. The employee is occasionally required to stand; climb or balance and stoop, kneel, crouch, or crawl. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this job include close vision.

Work Environment: (The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.)

  • The employee will normally work in a temperature-controlled office environment, with frequent exposure to electronic office equipment.

  • During visits to areas of operations, may be exposed to extreme cold or hot weather conditions. Is occasionally exposed to fumes or airborne particles, toxic or caustic chemicals, and loud noise.

Chenega Corporation and family of companies is an EOE.

Equal Opportunity Employer Minorities/Women/Veterans/Disabled/Sexual Orientation/Gender Identity

Native preference under PL 93-638.

We participate in the E-Verify Employment Verification Program.



icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Lead IT Security Specialist

PPL Corporation

Posted 5 days ago

VIEW JOBS 3/15/2019 12:00:00 AM 2019-06-13T00:00 Leads projects, analyzes and solves complex problems, and recommends solutions in the below areas. General Security: * Track and understand emerging security practices and standards by participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations * Research information security standards; conducting system security and vulnerability analyses and risk assessments; identifying integration issues * Develop criteria to assess and validate IT security risks (e.g., DLP, IDS, NERC CIP) and relevant security architectures * Assess security system performance by conducting tests (e.g., penetration testing) * Maintain security by monitoring, ensuring compliance to standards, policies, and procedures; conducting incident response analyses; and conducting training programs * Upgrades security systems by monitoring security environment; identifying security gaps; evaluating and implementing enhancements * Prepares system security reports by collecting, analyzing, and summarizing data and trends * Assist in resolving security problems through the appropriate choice of error detection and correction, process control and improvement, or process design strategies Cyber Security: * Utilize intrusion detection systems (IDS's) to monitor network system (LANs, WANs, VPNs, routers, firewalls, and related security and network devices) for indicators of compromise (IOCs) * Integrate technical, managerial, and financial considerations when sponsoring solutions Network and Data Security: * Conduct ongoing review of multiple systems and sources to detect network access, network intrusion, and information integrity compliance risks * Proactively identify potential network threats and cyber threats, and recommend preemptive remedial actions * Investigate network security events, conducting root-cause analysis to identify threats for recurring incidents * Monitor and track incidents related to network access, network intrusion, cyber security, and regulatory compliance * Troubleshoot, diagnose network problems, and implement corrective action within prescribed guidelines to mitigate impact to business continuity * Support restoration of secure network services as quickly as possible while limiting business impact * Assist in minor network or system configuration changes to improve system security and meet regulatory requirements * Ensure that PPL EU systems and data management protocols adhere to regulatory requirements * Conduct activities related to data loss prevention (DLP), data encryption, key management, data privacy and regulatory requirements, and data access audits IT Access Management: * Research, design, and implement Identity and Access Management (IAM) solutions for systems to ensure the appropriate context-based and permission-based security policies are enforced on users and their devices and real-time * Conduct activities pertaining to identity verification, IDM, user personal information protection, and role management Physical presence in the office/on-site to engage in face-to-face interaction and coordination of work among direct reports and co-workers. May be assigned an Electric Utilities emergency and storm role. This is a special assignment that comes into play during storms and other emergencies when the company needs to restore power or respond to other issues affecting customer service. This role may necessitate the need to work after-hours, outside of your normal schedule. PPL Corporation Washington DC

IT Security Lead