Overview
The Security Specialist within SLI Compliance provides day-to-day execution of the tasks necessary for operations and delivery of software and hardware security test engineering services to product manufacturers operating within the regulated voting and health IT industries. The Specialist ensures that voting system and health IT testing services meet rigorous federally defined security standards, which enables certification that the system satisfies the standards and that related system functionality operates in accordance with design requirements and specifications. The Security Specialist reports to the Director for this role.
Job Specifications
- A technical 4-year degree in computer science, computer information systems, or engineering is recommended, but substantial experience can be substituted
- 5+ years of experience in the Enterprise Security space, including experience within the following domains: encryption technologies, LAN/WAN/MAN security concepts, risk analysis, OS/database/application security concepts, identity management and workflow concepts, and system, network, database and web administration
- 3+ years of experience in the area of software development and software installation
- 3+ years of experience as a Security Consultant in the IT software industry
- (ISC)² (such as CISSP) and/or SANS equivalent certification required
- Well versed in the areas of NIST guidelines (such as the CSRC Special Publication series and Federal Information Processing Standards)
- Ability to create and maintain environments of various types (including Microsoft operating systems, Unix operating systems and various flavors of Linux operating systems, as well as associated local area network configuration setup)
- Ability to present themselves in a professional manner at all times, but more specifically, at seminars, client meetings, and conferences
- Ability to understand and demonstrate to SLI’s clients our corporate capabilities to meet client needs and expectations
- Ability to translate project technical security needs into a task list, a required hardware and tool list, a project schedule, and a schedule of resource needs, and to create test cases, perform tests, and document results
Duties and Responsibilities
Test Operations Oversight and Management
- Oversees the day-to-day operations of the SLI Security Test Operations
- Provides adequate assurance of quality throughout all security test activities and engenders confidence that the testing and related results are reliable and repeatable; maintains organized records of test activities and results
- Ensures continuous quality improvement of laboratory practices, including the development, modification, and enhancement of SLI Standard Lab Procedures (SLPs) and Test Methods (TMs)
- Communicates and enforces the policies and methodologies of SLI, including consistent adherence to formal SLPs and TMs
- Researches best practices in security test engineering and security test tools to ensure that SLI is applying these practices/tools and remaining a leader in test compliance-related industries
- Communicates with the Director and the Quality Assurance Manager regarding policies, procedures, best practices, and quality improvements
- Remains current with all vulnerabilities and security risks associated with client hardware, operating system and application software
- Remains current with all applicable federal election regulations, applicable state and local election regulations, and information provided to voting system test labs by the Election Assistance Commission (EAC)
- Remains current with all applicable regulations and information provided to authorized testing labs by the Office of the National Coordinator for Health Information Technology (ONC)
- Ensures that all laboratory processes, procedures, and practices conform to EAC, ONC and NVLAP policies and directives
- Maintains all laboratory hardware and software currently used for testing
Test Practices Delivery
- Develops and maintains all security test plans, procedures, and test data
- Validates, maintains and uses security test tools
- Uses test management tools for managing and maintaining test specifications and test traceability
- Opinions and interpretations: Remains aware of situations where opinions or interpretations may apply, identifies and evaluates any opinions or interpretations, and communicates them to the Test Lead or Test Manager
- Continuously seeks opportunities to improve the test methodologies used both in the lab and at client facilities
- Performs other duties/tasks as assigned.