information System Engineer

Overview

On Site
$50 - $55
Full Time

Skills

NIST Risk Management Framework
Nessus
Nexpose

Job Details

W2 ONLY

ship required

Public Trust

**Still in proposal state and candidate will need to be local and will be working onsite with a possibility of remote work.

i.A Bachelor degree in Computer Science or a related engineering field with training in information security

ii. 10+ years experience in Information Security

iii. 5+ years experience building and managing Windows server platforms

i. Thorough knowledge of NIST 800 Special Publications, Federal Information Processing

ii. Expertise the NIST Risk Management Framework to generate and maintain SA&A documentation to include System Security Plans, Security Assessments Reports, and Risk Assessments for internal and cloud-based systems (ie., FedRAMP)

iii. Experience using security scanners (e.g. Nessus, Nexpose, etc) and remediating vulnerabilities

Using the NIST Risk Management Framework (RMF) to conduct assessments of Information

security controls in order to measure the effectiveness of controls and identify control gaps

Ensure compliance to guidance, standards and regulations such as NIST Special Publications,

FIPS, FedRAMP, and other federal regulations and policies

Preparing Security Impact Assessments, Addendums, Security Authorization Packages and including

documentation such as Authorization

Official Out-briefs, Security Authorization Recommendations and Security Authorizations

Memorandums

? Identify, assess, and prioritize identified risks

? Collect evidence, artifacts, and document findings to support conclusions

? Report on compliance with internal policies, controls, and standards Provide recommendations for

remediation of identified deficiencies

? Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)

? Coordinate third-party risk assessments and IT audits

? Manage remediation efforts and report on the status of control deficiencies

? Support security initiatives and global policy adherence and awareness efforts

? Support global information security metrics and reporting program(s)

? Provide security expertise to business units and key stakeholders

? Enforce policy adherence and manage formal policy exception requests

Provide timely status updates/reporting on assessments and assigned projects

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.