TECHNICAL PROGRAM MANAGER

Zermount, Inc

  • Arlington, VA
  • Permanent
  • Full-time
  • 1 month ago
  • Apply easily
TECHNICAL PROGRAM MANAGERMILITARY FRIENDLY & PREFERRED - HOH SPONSORZermount, Inc has a requirement for a Technical PM who will support our client by providing project management and technical security expertise for our IT Security Services Team. The Technical PM is expected to provide advisory in securing enterprise information and systems, by determining security requirements; planning, designing, implementing, and testing systems and security technologies; developing security standards, policies, and procedures; and mentoring team members.The Technical PM will be able to provide technical services, oversight and quality assurance for the following activities: Security Operation Center (SOC) / Incident Response (IR); Application Security Assessments; Hardening Guides and Secure Configuration Baseline (SCB's) updates and development; Security Engineering and Architecture; IT Security System Administration; and IT Security Testing (Assessments - Security Control (SCA), & risk; Scanning - vulnerability, compliance, configuration, database, web application, continuous monitor, and ad-hoc; secure code analysis, penetration testing, and Security Controls Assessments (SCA's). Responsible for ensuring the proper level of analysis is conducted for assessments and testing activities are conducted and accompanied with practical mitigation solutions and recommendations. Support the development and updating of documentation such as configuration management guides, technology administration guides and Standard Operating Procedures (SOP's) is required.The Technical PM will evaluate security products (new and existing) to ensure proper functionality, configuration, implementation, and usage, eliminate duplication of tools, recommend new tools, and ensure compatibility with information security policy. Performs routine audits and vulnerability assessments to include analysis of findings and recommendations to ensure compliance with security policy. Participates in audits or reviews of desktop systems, operations methods, and assessment risks. Assist with the development of policy related to IT Security.As the Technical PM, you will be expected to develop and present special projects to the client and executive management; which address a problem or an identified gap which requires a solution, or special project to improve the security posture, decrease the overall risk level, add an additional level of security, increase the Return on Investment (ROI), or to assist in the development of new capability or services which are required or which there is a need. Special projects will be identified and documented according and prioritized based on the situation and requirements.DUTIES & RESPONIBILTIES
  • Provide day-to-day management of the IT Security Services Team, develop project schedules, reports, and briefings in accordance with the contract requirements.
  • Serve as the Senior Technical Security Engineer/Architect on matters of enterprise security across all client systems, engineer, architect, implement, deploy, maintain, and administer commercial and open-source products.
  • Must have a strong background in security engineering for both on-premises and cloud-based systems (Amazon Web Services, Google Cloud Platform, and Azure).
  • Support the security activities associated with the evaluation and introduction of new security technologies into the OCIO environment.
  • Activities include Program level compliance inspections, audits, and other security reviews; Oversee, evaluate, and support the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's Information Assurance (IA) requirements and ensures compliance from internal and external perspectives; Design, develop, maintain, security artifacts (e.g., Detailed security drawings expressing current system security architecture; inventories of resources used by client systems; and Security baselines based upon applicable policy.
  • Conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations, enterprise, or local policy, assess the level of risk, and develop and recommend appropriate mitigations.
  • Assist engineers and testers with performing analysis to determine the optimum configuration of network and host sensors.
  • Analyze and recommend resolution of information security problems based on knowledge of the major information security products and services, an understanding of their limitations, and a working knowledge of the disciplines of cybersecurity.
  • Develop alternatives of system designs and/or architectures which consider trade-offs between security requirements, functional/operational requirements, and cost.
  • Provide risk analysis for vulnerabilities, incidents and change requests and advise on the impact of new or changing applicable federal policy changes.
  • Advise on the impact of new or revised legislation and regulations. Provide security engineering expertise in coordination with Enterprise Architecture and Technical Review Board to conduct technical review board program planning reviews related to future enterprise architecture updates and proposed information security mechanisms.
  • Support technology-related architecture guidance delivered in the form of briefings, email, or white papers addressing information security architecture vulnerabilities, risks, mitigation response, and emerging opportunities.
  • Conduct research and present analyses to evaluate and/or determine emerging industry technology trends, government agency best practices, and security issues.
  • Enhances team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for the client and less experienced team members; teaching improved processes; mentoring team members.
  • Determine security requirements by evaluating strategies / requirements; research IT security standards; conduct security and vulnerability analyses and risk assessments; review architecture/platform; identify integration issues; prepare cost estimates.
  • Provide expertise and guidance to OCIO on DevSecOps / secure development, operational systems, and enhancements in support of the client's mission.
  • Assist business owners, system owners, and system engineers with selecting and implementing controls that maintain a high level of security and protect patron privacy.
  • Provide subject matter expertise for creation and implementation of security-related hardware and software pilots to enhance the client's security posture.
  • Identify gaps in security tool capabilities and provide solutions to address them.
  • Provide advice and knowledge on Zero Trust architecture and technologies.
  • Monitor and ensure compliance with standards, policies, and procedures; conduct IR and threat analyses; developing and conducting training programs.
  • Prepare security reports by collecting, analyzing, and summarizing data and trends.
  • Enhances company and client's reputation by accepting ownership for accomplishing new and different requests; exploring opportunities to add value to job accomplishments.
  • Select, design, and create appropriate tools for testing efforts and develop appropriate Rules of Engagement (ROE) and appropriate schedules.
  • Assist the team in performing technical security services for the client.
  • Develops, designs and documents methodologies, tactics, techniques, and procedures - develops mentorship and training program for IT Security Services team.
QUALIFICATIONS:
  • Must have at least 10 years of experience managing IT Security programs with for a minimum of 5000+ users, 10,000+ assets, and numerous tools.
  • Required to have at least 15 years of experience working in the IT Security field to include technical IT Security testing.
  • Must have experience leading teams, minimally, of 10 direct reports: and developing, implementing, and managing project schedules.
  • Must have the ability to manage multiple projects, work under pressure and tight deadlines, work independently, and work in a team environment.
  • Demonstrates successful leadership and management skills.
  • Demonstrates a proficiency with security technologies (commercial and open source), e.g., Netwitness, FireEye, CoreImpact, Tenable, Splunk, Fortify, WebInspect, Archer GRC, Carbon Black, Palo Alto, Prisma, and Data Loss Prevention (DLP) solutions.
  • Experienced with providing Security consulting, engineering, and Architecture support for numerous cloud environments (e.g., AWS, Azure, and Google).
  • Depth of experience with multiple operating systems (e.g., Windows, Linux, and Mac).
  • Experience with multiple data bases (e.g., SQL, MySQL, and Oracle).
  • Displays technical experience with conducting research and providing reviews and recommendations on threat and vulnerability mitigations.
  • Technical experience with conducting and reviewing security, configuration and vulnerability scans, analysis techniques, remediations, testing activities and DevSecOps.
  • Possess expertise in Security Architecture/Engineering principles, conducting security testing, analytical skills, and technologies.
  • Possess the ability to explain and breakdown technical details, and solutions to executive management and not technical parties - ability to explain the true business impact.
  • Good understanding of network protocols, design, and operations.
  • Strong analytical skills and efficient problem solving.
  • Experienced writing security related procedures and guidelines.
  • Experience with NIST Special Publications and guidance.
  • Knowledge of scripting and programming experience is beneficial.
  • Excellent report development and presentation skills.
  • Customer facing skills and a proven track-record of building client relationships.
  • Flexibility to change direction and manage conflicting demands.
  • Outstanding organizational and data analytics skills.
  • Consulting experience is advantageous with a proven ability to understand and meet client needs and develop a positive dialogue and outcome.
  • Experience of using problem solving techniques and developing solutions to mitigate risks.
  • Strong problem solving and analysis skills, self-motivated, and able to work and communicate in a team environment.
  • Proficient in Microsoft® Office suite to include Project, and other office automation products.
  • Must have the ability to effectively communicate both orally (in common English narration) and in writing (to include technical documentation).
EDUCATION:
  • Minimum of bachelor's degree in Computer Science, IT, Engineering, or similar fields. Years of experience will be taken into consideration, in place of a degree.
CERTIFICATIONS:
  • Must have a minimum of one (1) IT Security certification at the IAM II or III Level referenced in the Department of Defense Approved 8570 Baseline list.
  • Additional certifications preferred are:
  • PMI PMP; and
  • ITIL
CLEARANCE:
  • Public Trust
  • Must be a United States citizen.
WORK LOCATION and HOURS:
  • Location: Remote with occasional travel to Zermount HQ, and client location in Washington DC
  • Business Hours: 7:00 am - 7:00 pm
  • Core Hours: 9:00 am - 3:00 pm

Zermount, Inc