TITLE: Information Security Engineer (C & A)
LOCATION: Arlington, VA – USA
RELOCATION/VISA: Need to have a relevant visa
SALARY: On request
COMPANY: On request
KEY REQUIREMENTS:
• Must have a comprehensive understanding of the C&A process to include the initiation phase, security certification phase, security accreditation phase, and the continuous monitoring phase.
• Will be knowledgeable of tasks and subtasks required of the authorizing official, authorizing official’s designated representative, the information system owner, information system security officer, or the certification agent.
• Experience in performing C&A in accordance with NIST special publications, to include development of System Security Plans, Risk Assessments, and Security Assessments.
• Experience monitoring/managing IDS Systems.
• Experience conducting IT security audits of networks, web applications, and databases.
• A Bachelor’s degree in Computer Science, Information Systems, Engineering, or other related scientific or technical discipline.
• Six years of experience in the INFOSEC field.
• Must be a self-starter capable of working independently with the customer and industry points of contact.
• Must be able to work with other contractors and employees in a congenial manner.
• Personal initiative and a sound work ethic will be very important to the task’s success.
Preferred qualifications and skills include:
• Experience with NIST, DITSCAP, NIACAP, ISO 17799, and automated C&A tools is desirable
• Public Trust Minimum Background Investigation (MBI)
• DOD Secret Clearance or better is highly desirable
• CISSP/SANS Cert is highly desirable
JOB DESCRIPTION:
Certification & Accreditation (C&A) Compliance, Network/Host Vulnerability Scanning, Network Intrusion Detection, Audit Log Monitoring, and Incident Response. This position is a full-time INFOSEC Engineer position with a progressive and highly dynamic government office. The schedule is a combination of standard office hours, after-hours with some flexibility based on tasking, and a 24/7 rotating pager schedule. This is not shift work. This position is ideal for IT Engineers with a balanced mix of interests desiring to stay current on multiple skill fronts in a challenging career of Information Security, or current Security Engineers who want to expand their current skill set. A broad exposure to new technologies and experiences is an inherit benefit of this position, so a strong desire for personal and professional growth is encouraged.
• Develop and maintain general IT security policies and Standard Operating Procedures (SOPs).
• Review existing policies and documentation.
• Review and comment on C&A packages to ensure they comply with current Public Law as well as Federal directives, such as OMB A-130 and OMB A-123, Agency security guidelines, and NIST special publications.
• Support Information System Security Officers (ISSOs) in updating the system Plan of Actions & Milestones (POA&M), audit preparation, audit action plans, and eventual submissions.
• Support ISSOs and Information System Security Managers (ISSMs) in reviewing and training to stay current with all applicable Public Law as well as Federal directives, such as OMB A-130 and OMB A-123, Agency security guidelines, and NIST special publications.
• Design, develop, engineer, and implement solutions to INFOSEC requirements.
• Gather and organize INFOSEC technical information about organizations and their missions, goals, requirements, existing security products, and ongoing programs.
• Conduct technical security assessments against remote hosts, websites, and databases.
• Use commercial and open source vulnerability assessment tools, such as Nessus, Foundstone, WebInspect, WebScarab, AppDetective, and NMap.
• Perform data analysis and report generation, including triaging scan data to make recommendations based on policy and industry best practices.
• Monitor and respond to events generated by an Intrusion Detection System (IDS)/Audit Log Correlation Engine.
• Use commercial and open source IDS tools such as SNORT, Activeworx, B.A.S.E, SourceFire, and ISS to monitor network traffic.
• Available to support a 24X7 “ON Call” pager with a rotating schedule.
Click here to apply for this position.
