Senate looks to hire first ‘chief of information assurance’
The U.S. Senate Sergeant at Arms office is looking to hire a cybersecurity professional with “red team experience” who can “manage multi-million dollar annual budgets,” according to a job posting published Friday.
Notice of the open SAA position came less than 24 hours before another leak of internal Democratic Congressional Campaign Committee information hit the Internet Saturday. As a result, SAA’s House counterpart reportedly spoke with House representatives this weekend to mitigate some apparent cyber threats.
The incident represents the latest cybersecurity challenge faced by a Sergeant at Arm’s office — an organization whose fundamental mission is to ensure the safety of U.S. lawmakers.
Linked by multiple private cybersecurity firms to a hacking group with affiliations to Russian intelligence, the highly publicized set of breaches’ latest chapter saw a list of personal contact information for numerous House democratic representatives — including that of top leaders like Minority Leader Rep. Nancy Pelosi, D-Calif. — appear online.
Leaked email and phone contact information was reportedly confirmed as authentic by lawmakers who subsequently received a myriad of troublesome, threatening messages and suspicious emails in the past several days. Pelosi reportedly discontinued use of her existing cellphone in exchange for a new number because of the leak, the Wall Street Journal reports.
An SAA spokesperson has yet to respond to Cyberscoop’s request for comment, regarding how the Senate office is prepared to defend against similar attacks aimed at Congress’ upper chamber.
Officially titled as the “Information Assurance IT Branch Manager,” the eventual SAA cybersecurity executive will manage an information assurance staff and be otherwise known as “Chief of Information Assurance” to the Senate. This individual will work to help the Senate “proactively identify, protect, detect, react and recover from… advanced cyber threat[s],” the posting reads.
The new Chief of Information Assurance will also be responsible for developing metrics to gauge successful defensive efforts, effectively train IA staff and introduce a certification program, and manage relations with federal contractors.
Additionally, the chief will “execute multiple risk management framework methodologies” across the Senate, including employment of the National Institute of Standards and Technology’s cybersecurity framework, according to the job listing.
The Chief of Information Assurance within the SAA is a first for the U.S. Senate.
Desired skills for the job notably include three-to-five years working with a penetration testing or some other form of vulnerability assessment team, experience leveraging cyber threat intel data and multiple years working either for a cybersecurity operations center or within a threat intelligence gathering operation.
The salary for the new SAA cyber executive position, according to the addendum, can reach as high as $155,065 per year. For reference, the average salary for a chief information security officer, or CISO, in the D.C. area is roughly $225,000, based on a 2016 report by SilverBull, an IT and cybersecurity staffing firm based in Manchester, Conn.
More information about the position can be found here.