Security Consultant

SECURITY CONSULTANT

Columbia, SC

1 YEAR+ CONTRACT

This specific Statement of Work is for a contractor who demonstrates expert knowledge of IT Security, preferably advanced knowledge of Networking, VMWare and Windows 2008. General duties include researching and summarizing national standards, including NIST, FIPs, ISO, IRS requirements, and state and federal laws, policies, and standards. The position will be heavily involved in developing agency policy for outside IT contractors, software, and hardware as it relates to functional information technology security.

This position at the client is one of several that will form a team of highly experienced Information Security professionals with time sensitive challenging projects. This contractor will be one member of a team that is comprised of proven experts in some or all of the fields of networking, virtual environments, security, encryption, network automation, centralized IT management, Microsoft server, system, and networking environments.

The following product/technologies are also part of the environment, but they are not a requirement to apply for this position. Experience in these areas would be a plus: SANs, Group Policies, VB Scripting, Microsoft Exchange, SharePoint, and MS Project.

RESPONSIBILITIES:

- Assists in the development and implementation of security policies and standards for IT related items procured by the agency (eg, hardware and software);
- Assists in the development and implementation of security policies and standards for IT services provided by outside contractors and third parties;
- Researches and reviews various national and international security standards (eg, Internal Revenue Service, Federal Information Processing (FIPS), National Institute of Standards and Technology (NIST), and International Organization for Standardization (ISO) and explains the results, both orally and in writing;
- Assists in the establishment of standards and controls to ensure that information assets and technologies are adequately protected; and
- Attends meetings with the Contract Attorney, General Counsel, Chief Information Officer, Chief Information Security Officer, and Deputy Director in order to determine agency policy as it relates to Information Security.

REQUIRED SKILLS:

- Oral and written communication skills;
- Hands-on experience drafting and reviewing information technology security policies and standards;
- Experience in developing and maintaining documentation for security policies, procedures, and best practices;
- Knowledge of software development life cycles and migrations from different environments;
- Providing continual consultation and written reports to senior management concerning security issues;
- Hands-on experience documenting and managing all aspects of security within an enterprise organization, including but not limited to:
- Firewall and IDS/IPS experience
- Virtual Private Networking (VPN)
- Network access policies
- Web filters
- Publically accessible assets
- Active Directory
- Security compliance for third party and/or in-house developed applications
- Virtualization and Storage area networking security
- Anti-Virus management
- Experience preparing and submitting Security Program evaluations and compliance reports;
- Proven experience developing, implementing and administering all aspects of a successful Security Program, including physical, technical, personnel, procedural and electronic security;
- Experience defining processes to maintain security equipment, test intrusions, and the ensure alerting of threats; and
- Working with other Department leaders, designing security components for operations and other strategic processes, and supervising the development and implementation of required security reporting devices and processes at all levels.

PREFERRED SKILLS:

- At least 10 years of experience working as the Chief Information Security Officer, Security Officer, Security Consultant, or Security Analyst for a state or federal agency or large corporation
- Extensive working knowledge of Internet protocols, tools, and techniques including but not limited to:
- Virtual Private Networking (VPN)
- TCP/IP, Local Area Networks (LAN), Wide Area Networks (WAN)
- Network device operating systems security configuration
- Internet security
- Internet Information Server
- Knowledge of Virtual Machine operation, strengths, and weaknesses
- Experience with VMWare ESX security
- Support of web-based applications for internal (Intranet) sites and external (Internet) sites
- Working technical knowledge of current network hardware, protocols, and Internet standards, including TCP/IP, DNS, and DHCP
- Experience and working knowledge of backup products and methodologies