Information System Security Engineer

Risk assessment, CISM, Monitoring, Risk management, Security, CHFI, CISA, FISMA, Security controls, Information security, Process analysis, CISSP, Governance, IPsec, Compliance, Certified Ethical Hacker, NIST, Cyber security, SSCP, VIA, NERC, GIAC
Contract W2, 5 Years
Depends on Experience
Work from home not available Travel not required

Job Description

**All resumes will remain strictly confidential. Candidates must be LOCAL to the Pacific Northwest and available for onsite interviews. Those authorized to work in the United States without sponsorship are encouraged to apply.ship required due to federal government contract requirements.

OVERVIEW:

This position will provide technical expertise and assistance to other Security Control Assessors, Cybersecurity/InfoSec personnel and co-workers on a variety of ad hoc and formal projects & programs requiring technical and policy/process/procedure analysis.

  • Supports Critical Infrastructure Protection by implementing and maintaining regulatory & cyber security requirements (FISMA and NERC CIP).
  • Provide Security & Design support to Enterprise/Solutions Architects within the TT organization:
  • Varied and complex improvements to BES cyber systems, software applications, databases, and processes, as well as infrastructure support tools for code/release management, bug tracking, storage, and monitoring.
  • System security engineering, planning, cross-functional configuration analysis, security requirements development, Propose updates to technical control standards supporting the various software platforms, systems, and environments.
  • Draft and recommend detailed project plans, timelines, milestones and objectives for upgrades and/or for monitoring security measures for the protection of TO computer networks and information.
  • Identify security integration issues related to the implementation of new systems within the existing infrastructure and recommend mitigation and/or resolution options.
  • Research/review proposed new systems, networks, and software security issues including supply chain risk management.
  • Provide recommendations and input into technical reviews of proposed projects, and TT s system security certification and accreditation process.
  • Draft initial designs using best practices and compliance requirements per Organization Policy, Department of Energy (DOE), Department of Homeland Security (DHS) and the North American Electric Reliability Corporation (NERC CIP).
  • Plan, design and facilitate prototyping sessions, pilot projects, and requirements gathering meetings.
  • Upon request, provide stage-gate input into systems/software architecture & designs for potential security risks/impacts;
  • Conduct or assist with vulnerability testing of new implementations prior to releasing to production.
  • Technical Writing and Communications; technical information via telephone, e-mail correspondence, and in-person meetings:
  • Draft System Security & Compliance Plans (SSP/SSCP) in accordance with applicable policies and procedures.
  • Assess existing security roles and permissions to provide recommendations for Account Management Plans for new systems;
  • Draft Lessons Learned documents in conjunction with completed systems implementations.
  • Provide cross training and functional documents including topology and data flow diagrams.
  • Provide subject matter expertise, technical advice, and assistance to Transmission Technology (TT) co-workers on a variety of ad-hoc and standing projects requiring technology/policy/procedure/process analysis.
  • Assist in developing and implementing improved risk based practices such as NIST Risk Management Framework, over a multi-year horizon:
  • Analyze and make recommendations on policy, governance, and procedural changes in order to identify and reduce Transmission cyber risk commensurate with evolving industry best practices and standards.
  • Turn recommendations into draft plans and processes as required.
  • Stay abreast of tools related to vulnerability and risk assessment in order to support more thorough risk analysis of current architectures and practices related to Transmission IT/OT services.
  • Apply authorization to operate, and certification & accreditation/compliance processes in a FISMA and NERC CIP context.
  • Assist in developing and improving cybersecurity capability:
  • Review operating practices and documentation to verify if controls and security measures are adequate. Recommend necessary changes and alert the Organization manager of any concerns.
  • Research new and emerging techniques to determine their applicability for support of the needs of operations.
  • Present demos of emerging technologies to acquaint Organization staff with capabilities and applicability to business solutions.
  • Draft and recommend customized Cyber Security Controls Catalog under the NIST guidelines for federal systems.
  • Using Cyber Security best practices and established processes; analyze & document risks of existing and proposed system architectures and their security policies; propose risk treatment plans for information systems.

TECHNICAL REQUIREMENTS:

  • A Master s degree in Computer Science, Information Assurance, Information Technology Management, Cyber Security, Forensics, Homeland Security, or a closely related technical discipline is preferred;
  • With an applicable Bachelor s or Master s degree, 8 years of experience is required.
  • Without an applicable degree, 10 years of experience is required.
  • 8 years of experience with hands-on technical implementation of networks and systems commensurate with the professional certification of MCSE/MCITP, GIAC, CISSP, etc. The hands-on experience should have been technical in nature, employing or leveraging technologies involved in enterprise computing such as but not limited to, Active Directory, MS SQL or other RDBMS, IPSEC, IPv4/IPv6, operating system security configurations (DISA GOLD, STIG, FDCC, etc.), programming frameworks, scripting tools, and web services (Apache, Internet Information Server, etc.).
  • 3 years of experience in security system engineering, including experience effectively performing security control implementation on networks, servers and systems and/or vulnerability assessments, e.g.
  • One or more of the following networking or security certifications are required:
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • EC-Council Certified Ethical Hacker (CEH)
  • EC-Council Hacking Forensics Investigator (CHFI)
  • Global Information Assurance Certification (GIAC) in ICS, Cyber Defense, or Secure Software Programmer
  • Microsoft Certified Solutions Expert (MCSE)

Posted By

Jeff Morris

12520 SW 68th Ave, Suite B Tigard, OR, 97223

Contact
Dice Id : TRIADTOR
Position Id : 005
Originally Posted : 5 years ago
Have a Job? Post it