Summary of Role:
The InfoSec Engineer will have direct experience developing IT security policies, architectures, and standard operating procedures with a strategic perspective.
Extensive knowledge of and practical experience with implementing standard methodologies used in the Risk Management Framework (RMF) process (formerly referred to as Certification and Accreditation (C&A)).
Expert-level knowledge and experience with National Institute of Standards and Technology (NIST) guidelines and industry best practices for: Risk Assessment and Management, Vulnerability Analysis, Contingency Planning, Disaster Recovery, Configuration Management, Security Assessments and developing Mitigation Plans.
Must have a minimum of 4 years direct full-time experience conducting security assessments and developing all deliverables within a system authorization package.
Must have detailed and extensive experience with implementing, evaluating, and documenting all technical, management, and operational security controls as defined by the NIST SP 800-53 (as amended).
Education:
Bachelor's Degree and six years relevant experience, Master's Degree and five years relevant experience, or eight years relevant experience.
Industry-recognized technical certification accepted in lieu of one year of experience.
Functional Responsibility:
- Will provide multi-discipline security administrative and technical security support to the organization.
- Areas of responsibility include Physical, Computer, Personnel, Information, Administrative, Operational, and Communications Security analysis, assessment, and reporting. Specific roles include:
- Provide recommendations to organizational stakeholders for the integration of security processes and compliance with Federal regulations and Departmental policy.
- Direct security efforts to increase efficiencies and enforce a global security mindset.
- Provide strategic guidance for the further development of the security program.
- Develop policies and procedures supporting regulations, directives, and Departmental policy.
- Assist senior management with establishing a plan of action for the remediation of weaknesses.
- Provide direct information assurance guidance pertaining to the development and modification of information systems and industrial control systems.
- Provide strategic insight and continuous support for the integration of the system development life cycle.
- Provide recommendations concerning new and existing projects and assist project managers with security oversight.
- Coordinate with representatives and Subject Matter Experts (SME) from other Federal Agencies and commercial organizations to maintain awareness of upcoming changes to regulations and technologies.
- Develop Risk Assessments in accordance with NIST guidance and deliver risk analysis and guidance as needed to organizational leadership.