The ideal Security Engineer will have prior experience working in a highly technical environment, be well versed in the current state of Information Security, and be able to interpret the security requirements of relevant governing bodies (NIST, OMB, DHS, etc.). The candidate will interface with federal employees and contractors to perform required support activities. The ideal candidate will have prior experience performing similar governance, risk, and/or compliance activities consistent with the experience/skill requirements documented below for a federal client in an FTE and/or consultant capacity.
- Create, compile, and maintain security authorization packages and documentation as required by Federal security authorization guidelines described in NIST and OMB requirement documents.
- Enforce policies and guidelines as outlined within NIST SP 800-53 and DHS 4300A Sensitive Systems Policy.
- Provide guidance in the implementation of system-specific features and security controls to ensure effective compliance with federal requirements as well as promoting a healthy security posture for the implementation team and key stakeholders.
- Provide IT security consultation to system owners on other security documents, for example, security incident reports, equipment/software inventories, technical vulnerability reports, and contingency plans.
- Perform the necessary review, analysis, and reporting of key system attributes, weaknesses, and changes to the Information Systems Security Manager, System Owner, and Department Risk Management body to support the Continuous Monitoring of supported systems.
- Initiate, track, and manage the creation, opening, and closure of weaknesses via Department prescribed Plan of Action & Milestone (POAM) processes and procedures.
- Effectively communicate the risk and security posture to the Information Systems Security Manager, System Owner, Key Stakeholders, and consumers of security controls within your purview.
- Report IT security incidents in accordance with established policies and procedures.
- U.S. Citizenship Required
- Bachelor’s degree or equivalent combination of education and experience
- Positively adjudicated background investigation
- Experience with Information Assurance Compliance Tools (Xacta, TAF, etc.)
- Knowledge of Federal Government Authorization processes (NIST 800-53, DHS 4300A, DIACAP).
- 5+ years of Information Technology Experience.
- Effective written and oral communications skills.
- Experience supporting Cloud application / security efforts. Previous AWS (Amazon Web Services) experience is preferred, but not required.
- Excellent interpersonal, interviewing, analytical, and problem-solving skills to address variable situations.
- General knowledge of industry security requirements, standards, and best practices.
- Experience creating, maintaining, and reviewing security compliance documentation (Systems Security Plan, Contingency Plan, Risk Assessment, POAMs).
- Security Professional Certifications (CISSP, CISM, CGEIT, CRISC, CAP, CEH)
- Knowledge of policies, procedures and requirements
- Self-motivated participant of a highly team-oriented environment.
- Experience with security analysis tools such as Nessus, HP Fortify, HP Web Inspect, AppDetective.
If you would like to work for an innovative, forward-thinking company that possesses a multi-talented, diverse, and thriving professional community, we would love to hear from you! Apply today!

Job Category: Security Engineer