InfoSec Engineer III

  • Washington D.C., DC
  • Posted 13 days ago | Updated 13 days ago

Overview

On Site
$60 - $65
Full Time

Skills

Certification and Accreditation
NIST
Risk Management Framework
Vulnerability Analysis
Information Assurance
800-53
C & A
Configuration Management
Information Security
Disaster Recovery

Job Details

Summary of Role:

  • The InfoSec Engineer will have direct experience developing IT security policies, architectures, and standard operating procedures with a strategic perspective.

  • Extensive knowledge of and practical experience with implementing standard methodologies used in the Risk Management Framework (RMF) process, formerly referred to as Certification and Accreditation (C&A).

  • Expert-level knowledge and experience with National Institute of Standards and Technology (NIST) guidelines and industry best practices for: Risk Assessment and Management, Vulnerability Analysis, Contingency Planning, Disaster Recovery, Configuration Management, Security Assessments and developing Mitigation Plans.

  • Must have a minimum of 4 years direct full-time experience conducting security assessments and developing all deliverables within a system authorization package.

  • Must have detailed and extensive experience with implementing, evaluating, and documenting all technical, management, and operational security controls as defined by NIST SP 800-53 (as amended).

Education:

  • Bachelor's Degree and six years relevant experience, Master's Degree and five years relevant experience, or eight years relevant experience.

  • Industry-recognized technical certification accepted in lieu of one year experience.

Functional Responsibility:

  • Will provide multi-discipline security administrative and technical security support to the organization.
  • Areas of responsibility include Physical, Computer, Personnel, Information, Administrative, Operational, and Communications Security analysis, assessment, and reporting. Specific roles include:
  • Provide recommendations to organizational stakeholders for the integration of security processes and compliance with Federal regulations and Departmental policy.
  • Direct security efforts to increase efficiencies and enforce a global security mindset.
  • Provide strategic guidance for the further development of the security program.
  • Develop policies and procedures supporting regulations, directives, and Departmental policy.
  • Assist senior management with establishing a plan of action for the remediation of weaknesses.
  • Provide direct information assurance guidance pertaining to the development and modification of information systems and industrial control systems.
  • Provide strategic insight and continuous support for the integration of the system development life cycle.
  • Provide recommendations concerning new and existing projects and assist project managers with security oversight.
  • Coordinate with representatives and Subject Matter Experts (SME) from other Federal Agencies and commercial organizations to maintain awareness of upcoming changes to regulations and technologies.
  • Develop Risk Assessments in accordance with NIST guidance and deliver risk analysis and guidance as needed to organizational leadership.