Vacancy expired!
Clearance: Secret Candidate must have strong RMF experienceCandidates must not only understands the concept of RMF process but be able to elaborate each step. Also needs experience in the common controls or configuration checklist. Role Description:Compliance ISSE As an Information System Security Engineer (ISSE), the Cybersecurity Engineer’s role is to conduct information system security engineering activities, confirm that information security requirements are effectively implemented throughout the security architecting, design, development, configuration, and implementation processes. The ISSE provides security support for information systems throughout the Risk Management Framework (RMF) lifecycle. The ISSE works closely with business and technical stakeholders to select and help implement security controls as outlined within NIST SP 800 series and agency guidelines and leads information systems through the Assessment and Authorization (A&A) process. This position requires strong technical skills across a variety of technologies such as multi-tiered architecture, databases, application servers, COTS products, and cloud solutions (AWS) and understanding security and dataflow within these components. Role Description:• Perform, Develop, Modify and lead Risk Management Framework (RMF) assessments, authorizations, and monitoring steps for systems following NIST standards and best practices.• Work in close coordination with all system stakeholders - Create and maintain existing information system security documentation, including System Security Plan (SSP), A&A packages, Security Controls Matrix and Assessment, and Security Configuration Guide (controlled changes to the system).• Responsible for capturing and refining information security requirements and directly engage in the delivery of projects with multi-disciplinary teams, implementing security controls, POA&M Management, etc.• Support project team with host, network, cloud, application-based security control assessments• Create security policies and maintain existing information system security documentation• Conduct a comprehensive self-assessment of the management, operation, and technical controls to determine the overall effectiveness of controls• Conduct periodic and continuous reviews of the system to ensure compliance with the authorization package• Responsible for elements of physical and environmental protection, personnel security, incident handling, and security training and awareness and ensure systems are operated, maintained, and disposed of by security policies and procedures• Participate in the change management process, including reviewing Requests for Change (RFC) and assist in the assessment of a potential change’s security impact• Continuously review and evaluate vendor, security, and business best practices for implementing a comprehensive audit program• Remain sensitive to security infractions and assist in security investigations and responses as requested• Support project team with vulnerability remediation Skills/Experience• Must have at least 5 years' experience working in the field of cybersecurity compliance and successfully completed and achieved ATO approval for several systems• Experience conducting security control assessments and/or implementation using NIST SP 800-53 Rev 5• Experience running vulnerability and compliance scans using Nessus, DBProtect, WebInspect, ForeScout• Strong communication skills, attention to detail, and being a self-starter.• Experience with High Value Asset (HVA) systems• Experience with cloud migration and working with AWS• Experience in Secure SDLC, working directly with project teams to advise on control implementation to meet NIST SP800-53 controls ABBTECH is an EOE/Minorities/Women/Disabled Individuals/Veterans
- ID: #49066819
-
State: Virginia
Vienna
22180
Vienna
USA
- City: Vienna
- Salary: $0+
- Job type: Contract
- Showed: 2023-02-07
- Deadline: 2023-04-01
- Category: Et cetera