Cyber Security Engineer III - Contract to Hire - Henderson, NV

Cyber Security Engineer III- Contract to Hire - Henderson, NV1 day remote after 60 days of on-site trainingPlease see bottom for important eligibility and contract informationGenuent's direct Goverment Client is in need of a Cyber Security Engineer III on an extendtable, 12-month, Contract to Hire basis in Henderson, NV. If interested, please email your professional resume to Sydney Tekstra at STekstra@genuent.com or call 714-586-5671.Summary: Under minimal supervision, architects, installs, configures, operates, implements, and maintains information security systems and operational processes. Manages cyber security incident response, vulnerability assessment, cyber security training, and Managed Security Services Programs; and performs related duties as assigned.Essential Functions: Acts as compliance subject matter expert by collaborating on projects with departments regarding their IT security and compliance needs.Security Operations:

• Oversees the daily operations of the Managed Security Services Program (MSSP) and vendor relationship, and Security Information and Event Management (SIEM) platforms
• Leads and/or participates in the definition, identification, evaluation, and selection of security technologies, techniques, and tools, manages relationships, and negotiates with vendors, outsourcers, and contractors to obtain security-related services and products
• Leads the Cyber Security Incident Response technical team and maintains awareness of security and privacy legislation, regulations, advisories, alerts, and vulnerabilities that apply to the CLIENT and its mission and makes recommendations for changes or enhancements
• Conducts annual audits and updates the Cyber Security Incident Response Plan Technical Handling Guides
• Acts as a security operations subject matter expert by collaborating on projects with departments regarding their IT security and compliance needs and provides escalation support for non-routine security anomalies and incidents

• Manages the Client's technical compliance programs for Nevada Revised Statutes (NRS), Payment Card Industry (PCI-DSS), Criminal Justice Information Services (CJIS) Policy, and the Health Insurance Portability and Accountability Act (HIPAA) as well as the cyber security training program, including executive reporting
• Manages vulnerability assessments program to identify security architectural, policy, and procedural gaps as they relate to operational security and risk and makes recommendations to mitigate overall risk
• Responsible for the development and maintenance of security policies, procedures, and guidelines as they relate to compliance, operations, and security best practices
• Manages and coordinates the Client's technical compliance programs; manages the responses to requests for legal holds, public records requests, and confidential investigations.

• Bachelor's Degree from an accredited college or university in Computer Science, Information Technology, Information Security, or a related field
• Five (5) years of experience in Cyber Security with an emphasis in analysis and incident response which includes:
  • Three (3) years of experience providing information security services in a highly regulated environment such as payment card industry, law enforcement or healthcare (PCI-DSS, CJIS, HIPAA); or
  • Three (3) years of experience supervising, developing, and supporting information security programs
• Note: An equivalent combination of related training and experience may be considered
• Must possess a current (ISC) 2 Certified Information Systems Security Professional (CISSP) certification at time of hire
• Must possess or obtain within six (6) months of hire the Payment Card Industry (PCI) Internal Security Assessor (ISA) certification OR the GIAC - Certified Incident Handler (GCIH) certification
• Must possess or obtain within two (2) years of hire at least three (3) of the below certifications and maintain them as a condition of continued employment.
  • (ISC)2 HealthCare Information Security and Privacy Practitioner HCISPP
  • (ISC)2 Certified Cloud Security Professional CCSP
  • ISACA Certified in Risk and Information Systems Control CRISC
  • ISACA - Certified Information Systems Auditor CISA
  • ISACA Certified Information Security Manager CISM
  • GIAC - Certified Forensic Analyst GCFA
  • GIAC - Certified Enterprise Defender GCED
  • GIAC - Certified Forensic Examiner GCFE
  • Splunk Enterprise Certified Admin
• Must pass a nationwide fingerprint-based record check, and a wants/warrants check.
• Must complete Security Awareness and National Crime Information Center (NCIC)/Nevada Criminal Justice Information System (NCJIS) certification within six months of hire/transfer and be recertified every two years. Must maintain certifications in NCIC/NCJIS as a condition of continued employment
• Desirable:Master's Degree in a related field
• Desirable: Familiarity with legal hold processes and requirements
• Desirable: Splunk operations and administration experience
• Desirable: Any of the following certifications:
  • GIAC - Cloud Security Essentials GCLD
  • GIAC - Cyber Threat Intelligence GCTI
  • GIAC - Continuous Monitoring Certification GMON
  • GIAC - Network Forensic Analyst GNFA
  • GIAC - Reverse Engineering Malware GREM
  • GIAC - Defending Advanced Threats GDAT
  • GIAC - Certified Detection Analyst GCDA
  • GIAC - Defensible Security Architecture GDSA
  • GIAC - Certified Windows Security Administrator GCWN
  • GIAC - Open-Source Intelligence GOSI
  • ISACA - Certified Information Systems Auditor CISA
  • Splunk- Enterprise Certified Admin

• Thorough knowledge of federal, state, local, and other information security regulations and compliance requirements which include PCI and HIPAA; vendor management, security product selection, configuration, and monitoring processes; the principles and practices of project management; security strategies and technologies; scripting languages; routing, switching, and bridging in LAN & WAN environments; access methods and network topologies, Windows and Linux server administration; incident response procedures and standards; designing and implementing security controls to identify vulnerabilities and protect electronic infrastructures; building, maintaining, and upgrading security technologies
• Good knowledge of security standards, regulations, and best practices; incident response procedures and standards; network-based and system-level attacks and mitigation methods; financial impact analyses processes and procedures; and secure configuration of workstation operating systems and software; DNS, DHCP and NTP; financial impact analysis processes and procedures
• Ability to analyze and define problem sources and conceptualize practical solutions based on the computing environment; organize and prioritize a series of requests based on dynamic factors; plan and implement solutions with foresight and consideration of future computing environments; diagnose and resolve complex computer-related issues; analyze programs, policies, and operational needs, and identify and recommend alternatives and improvements; communicate effectively with individuals from various socioeconomic, ethnic, and culturally diverse backgrounds; and establish and maintain effective and positive working relationships with those contacted in the course of work

• Meet the Minimum Requirements.
• Have competencies in the Knowledge, Skills, and Abilities.
• Successfully complete a thorough background check (local, state, federal) and other Client requirements.
• Successfully complete probationary period assignments.

• Vendor pre-screening based on required and desired knowledge, skills and abilities.
• Client review and selection of proposed candidates to move forward in the selection process.
• Vendor proctored exam.
• Client selection interview.

• FLSA Status: Exempt
• Wage Assignment: Pay Band 2
• Supervisory classification: No
• EEO 4 Category: Professionals