Location: Washington, DC
Our client is currently seeking an Information Systems Security Engineer.
As a key participant within a cohesive Information Assurance (IA) and security engineering team you will share responsibilities for conducting STIG and FISMA compliant System Assessments and Authorization (SA&A) and maintaining continuous Approval To Operate (ATO) for customer built and maintained applications supporting missions worldwide. You will also share in responsibilities for maintaining security systems and conducting security operations for accredited infrastructures. The security engineering team culture promotes interaction among team members for determining best security direction for the program.
This job will have the following responsibilities:
- Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800 Risk Management Framework (RMF) system and application accreditation
- Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications
- Analyze vulnerability scan results for validation and root cause
- Perform security system event analysis, investigation, and validation
- Provide incident response to classification spills, malware infection, misconfiguration exposure, internal inappropriate behavior and technical issue
- Perform Independent Security Assessment and Reporting (ISAR) as part of application System Development Lifecycle (SDLC)
- Participate in Lifecycle Management (LCM) Technical Change Control Boards (TCCB) providing technical guidance for security control compliance
- Participate in Security Architecture Review Boards as part of security system Operations & Management (O&M) sustainment and architecture enhancement
- Perform Security Technical Implementation Guide (STIG) and Federal Information Security Management Act (FISMA) assessments and annual reporting
- Perform Security control assessments as part of Continuous Monitoring NIST SP 800-53 V4 compliance sustainment for application, infrastructure, and network
- Task, track and mitigate Plan of Action & Milestones (POA&M) vulnerability scan and security assessment findings requiring mitigation.
- Privileged User Account Management and Role Based Access assignment
- Privacy Threshold Assessment (PTA) and Privacy Impact Assessment (PIA) as part of Personal Identifiable Information (PII) Management
- Maintain Change Management Plans (CMP), Incident Response Plans (IRP), Information System Contingency Plans (ISCP), and System Security Plans (SSP)
- Prepare and conduct training, exercises, and functional testing of IRP and ISCP
- Manage and infrastructure service account tracking repositories
- Operate and maintain (O&M) security assets that include Security Information and Event Management (SIEM), Intrusion detection (IDS), data loss prevention (DLP), and security audit log repositories and databases.
- Design, build, and maintain big data audit log management solutions using traditional and team developed tactics, tools, and repositories

Ideal Candidate: Candidates who are highly motivated, passionate in their IT security tradecraft, and looking to make a positive difference every day are best suited for this position. Candidates should possess a general level of understanding and basic level of experience across all team roles and responsibilities with a concentration of significant experience in at least 2-3 skill sets below.

Preferred Skill Sets:
- BS degree in Computer Science or Information Technology
- 3-5 years security system engineering, system operations & maintenance (O&M) Security Information & Event Management (SIEM), firewalls, Intrusion Detection Systems (IDS), Data Loss Prevention (DLP), audit log formatting/databases, and other types of data management technologies such as Splunk, ELK.
- 3-5 years application development using software development lifecycle (SDLC) process and tools
- 3-5 years system and application Certification & Accreditation (C&A), System Assessment & Authorization (SA&A), and/or Independent Validation and Verification (IV&V)
- 2-5 years security system monitoring, syslog and traffic analysis, and incident response
- 2-3 years developing and maintaining standard operating procedures and work instructions
- 2-3 years fulfilling Information System Security Officer (ISSO) and/or Information System Security Representative (ISSR) role
- 2-3 years fulfilling Windows and/or Unix administrator role or support
1. Location: Work is performed in Washington DC and Southern CA, and no remote work is possible. Candidates can live in one of those locations and will travel to the other.
2. Travel: 60% travel (approx.)
3. Schedule: 9 x 80 schedule
4. Duration: 6 months to 1 year+
If you're interested in a new role, please reach out to Praszl@judge.com
For immediate consideration, please attach your resume.
This job and many more are available through The Judge Group. Find us on the web at www.judge.com