To begin the application process, please enter your email address.
Company Contact Info
- Silver Spring, MD
- Paulina Willingham
Sorry, we cannot save or unsave this job right now.
Report this Job
Email Send Failed!
Information Technology Security Engineer
Mindbank • Silver Spring, MD
Posted 18 days ago
Get facts about other applicants with a CareerBuilder Account
Mindbank has an immediate need for an Information Technology Security Engineer with a Public Trust clearance or higher
US Citizens and those authorized to work in the US are encouraged to apply. We are unable to sponsor visas at this time
Experience: Six or more years in information technology security
Certification: CISSP certification and preferred one or more CISM, CISA, SANS GIAC, Cisco CSSP, CEH, RedHat, Microsoft or Cloud security certification.
Location is in Silver Spring, MD
The IT Security Engineer will assistance to the an Information Technology Security Program (ITSP) and the Senior Security Officer to assess and advise on overall NOS IT risk, policy interpretation, and has oversight of all independent assessments, A&A and continuous monitoring compliance actions. Will operate at a senior level and provide enterprise level services and consultation requiring various levels of support.
The IT Security Engineer will be tasked to undertake projects and assignments to assist in managing the program and meeting those identified needs. Assigned tasks may include:
- Serve as a primary or backup to the Senior Security Officer and represent at change control board, committees, working groups or other activities for providing cyber security consultation.
- Assist Information System Security Officers (ISSO) and operational teams in securing and documenting their FISMA systems.
- Assist the ISSOs to apply and mitigate system risks and vulnerabilities.
- Assist the ISSOs to apply NIST Special Publications 800 series, NIST Federal Information Processing Standards (FIPS), Department of Commerce and client and NOS policies, procedures and guidance, and industry best practices to enhance the security of their systems.
- Perform reviews of Cloud Service Provides (CSP) that have received either a FedRAMP issued Provisional Authorization to Operate (ATO) or FedRAMP approved Agency issued ATOs. Document the risks to the agency for using the CSP services and report findings to Senior Security Officer and Chief Information Officer.
- Provide oversight and management of IT Security Data Calls and develop and/or maintain ITSP process and procedures for managing data calls.
- Monitor and report on annual client IT Security Awareness Course requirement.
- Provide support in scanning systems for known vulnerabilities using scanners such as Nessus and Appscan and assessing their vulnerabilities and component configurations against their secure baselines. Hands-on vulnerability and compliance scanning not required by previous experience a plus.
- Provide assessment and authorization expert support on IT security policy including but not limited to NIST SP 800 series, NIST FIPS, Department of Commerce and client policies and industry best practices.
- Provide oversight and coordination with between incident response, programs and chief information officer.
- Proficiency in verbal and written communications.
- Proficiency in interpersonal skills.
- Proficiency in handling multiple tasks concurrently.
- Minimum 6 years of experience with operating one or more vulnerability scanning tools for network operating systems, applications and databases.
- Minimum 6 years of experience conducting one or more of the following: NIST SP 800- 53 security controls assessments, systems auditing, systems testing.
- Minimum 3 years of experience with demonstrated ability to develop and write security controls and processes.
- Minimum 6 years of experience with operating IT forensics investigation tools currently deployed in the NOS environment.
- Minimum 4 years of experience with IT security incidents management and oversight following Computer Incident Response Team (CIRT) policy and procedures, preferably those for NOAA. Specifically, ensuring CIRT requests are address by the ISSO assigned to the security incident and performing communication and coordination activities between CIRT, Security Operations Center and Program Offices.
- Minimum 3 year of operational experience with systems or network administration.
QUALIFIED CANDIDATES PLEASE SEND YOUR RESUME TO:
Mindbank Consulting is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, age, sexual orientation, status as a protected veteran, among other things, or status as a qualified individual with a disability.