The Office of the Chief Administrative Officer (CAO) provides operations support services and business solutions to the community of 10,000 House Members, Officers and staff. The CAO organization comprises more than 650 technical and administrative staff working in a variety of areas, including information technology, finance, budget management, human resources, payroll, child care, food and vending, procurement, logistics and administrative counsel.
The incumbent in this role provides leadership in the development and effective application of information security tools, policies, and procedures in support of the Information Systems Security Program for the U.S. House of Representatives. Performs systems administration and technical duties relating to information security initiatives. Recommends security risk mitigations or other countermeasures for system, network, and software design and architecture. Reviews proposed new systems, networks, and software designs for potential security risks. Provides technical assistance to Member, Committee, and Support Offices to mitigate security vulnerabilities.
This position does not have supervisory responsibilities. This position may require the ability to perform on-call duties and work shifts to provide 24 hours a day, 7 days a week technical support for the House information security technology infrastructure.
1. The ability to perform triage and root cause analysis on security events:
a. Investigate and identify the root cause behind security incidents – to include all stages of the cyber kill chain as appropriate
b. Document the flow of data and identify multiple distinct data sources where suspicious behavior can be identified – must also be able to identify supplemental sources where similar data may be found
c. Investigate an incident, develop/communicate a timeline, and identify multiple scenarios based on the investigation
2. The ability to communicate the status of the House security operations, to include developing, executing, documenting, and training repeatable organizational metrics
3. The ability to improve and implement indicators and protection policies across varying platforms, operating systems, databases, and management systems.
4. The ability to execute all previously defined standard operating procedures and to develop new procedures and train teammates on them
5. The ability to parse and analyze logs, and to develop and document content that codifies its use for other analysts
6. The ability to develop content on House security systems to identify suspicious and/or malicious activity
7. Perform quality assurance on all analysis
8. Subject Matter Expert (SME) on at least one data/log category, such as Active Directory, Authentication, Network IDS, Host IDS, Web Services, Firewalls, Netflow/DNS
9. Serve as rotating shift coordinator to provide surge support, escalation, and perform coordination and reporting for analysts
10. Has the ability to communicate with and assist member offices in developing and deploying secure configuration settings and practices – and developing automated mechanisms to change and enforce configuration settings.
11. Provides technical responses to system owners in the development and technical review of System Security Plans which document all technical and procedural security features of a system.
12. The ability to develop detailed, multi-week, independently executed project plans and provide timely updates
13. Responds to security requests from Members, Committees and House support offices.
14. Handle ad-hoc requests from leadership
15. Performs other official duties as required.
Grade 12 (in addition to above duties):
1. Participates in the development of technical security standards to support policies including monitoring standards and incident investigation procedures.
2. Participates in the development of maintenance schedules and policies to maintain the optimal operation of the security systems.
3. Works with executive management to determine acceptable levels of risk for the enterprise.
4. Has the ability to determine gaps in current capabilities, evaluate new settings and technologies, and recommend improvements to remediate those gaps – at both a technical and process level.
5. Has the ability to work with security tools and personnel that emulate adversary-like actions in order to develop, document, and test detection mechanisms
6. Has the ability to develop and document a hunt plan and the capability to develop standardized detection mechanisms based on the hunt plan
7. Strong understanding of multiple tools within Cybersecurity.
8. The ability to develop detailed, multi-month, resourced project plans and provide timely updates