Location: Silver Spring, MD
Date Posted: October 3, 2017
Mindbank has an immediate need for an Information Technology Security Engineer with a Public Trust clearance or higher.
US Citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor visas at this time.
Experience: Six or more years in information technology security
Certification: CISSP certification required; one or more of the following preferred: CISM, CISA, SANS GIAC, Cisco CSSP, CEH, RedHat, Microsoft or Cloud security certification.
Location is in Silver Spring, MD
The IT Security Engineer will provide assistance to the Information Technology Security Program (ITSP) and the Senior Security Officer to assess and advise on overall NOS IT risk and policy interpretation, and has oversight of all independent assessments, A&A and continuous monitoring compliance actions. Will operate at a senior level and provide enterprise level services and consultation requiring various levels of support.
The IT Security Engineer will be tasked to undertake projects and assignments to assist in managing the program and meeting those identified needs. Assigned tasks may include:
- Serve as a primary or backup to the Senior Security Officer and represent at change control board, committees, working groups or other activities for providing cyber security consultation.
- Assist Information System Security Officers (ISSO) and operational teams in securing and documenting their FISMA systems.
- Assist the ISSOs to apply and mitigate system risks and vulnerabilities.
- Assist the ISSOs to apply NIST Special Publications 800 series, NIST Federal Information Processing Standards (FIPS), Department of Commerce and client and NOS policies, procedures and guidance, and industry best practices to enhance the security of their systems.
- Perform reviews of Cloud Service Providers (CSPs) that have received either a FedRAMP issued Provisional Authorization to Operate (ATO) or FedRAMP approved Agency issued ATOs. Document the risks to the agency for using the CSP services and report findings to the Senior Security Officer and Chief Information Officer.
- Provide oversight and management of IT Security Data Calls and develop and/or maintain ITSP process and procedures for managing data calls.
- Monitor and report on annual client IT Security Awareness Course requirement.
- Provide support in scanning systems for known vulnerabilities using scanners such as Nessus and Appscan and assessing their vulnerabilities and component configurations against their secure baselines. Hands-on vulnerability and compliance scanning is not required, but previous experience is a plus.
- Provide assessment and authorization expert support on IT security policy including but not limited to NIST SP 800 series, NIST FIPS, Department of Commerce and client policies and industry best practices.
- Provide oversight and coordination between incident response, programs and the chief information officer.
- Proficiency in verbal and written communications.
- Proficiency in interpersonal skills.
- Proficiency in handling multiple tasks concurrently.