Tetrad Digital Integrity LLC

Returning Candidate?

Information System Security Engineer

Information System Security Engineer

ID 
2018-1106
# of Openings 
1
Job Locations 
US-DC-Washington DC
Posted Date 
1/4/2018
Category 
Information Technology

More information about this job

Overview

The Information System Security Engineer (ISSE) will be responsible for interfacing with customers and leading other TDI team members to develop system security plans and their associated appendices. They will be responsible for performing security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include evaluating technological, operational, management and privacy controls in order to evaluate the design and implementation of security controls. The individual will be responsible for risk and compliance management and reporting to include risk assessments, system security plans, security assessment reports, vulnerability assessments, and POA&M management.

The desired candidate will also have experience conducting technical assessments to identify vulnerabilities and providing recommendations for remediation. Technical assessments include utilizing vulnerability scanning tools, performing penetration testing and conducting web application assessments.  

Responsibilities

  • Utilize the NIST Risk Management Framework (RMF) to develop comprehensive security packages, conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gaps
  • Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
  • Prepare System Security Plans, Security Authorization Packages, including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations, Plan of Action and Milestones (POA&M) and Security Authorizations memorandums
  • Knowledge and experience with supporting and/or implementing many of the following technologies and processes: Vulnerability & Patch Management, Endpoint Protection, Firewalls (Network and/or Endpoint), Web Proxies, Load Balancer and Web Application Firewalls, Security Information and Event Management (SIEM), Data Loss Prevention, Network monitoring and mapping, and Incident Response Processes and Tools
  • Knowledge and experience in creating and maintaining minimum security configuration baselines for Windows and Linux platforms and applications (i.e., Minimum Benchmarks: CIS, DISA STIGS)
  • Knowledge and experience with cloud security implementation and assessment

Qualifications

  • 6+ years of work experience performing security analyst and/or engineering related functions
  • Bachelor’s degree in cyber security, information assurance, computer science, information technology or related major/experience.
  • Ability to multi-task in a deadline oriented environment
  • Ability to manage tasks or projects through completion with very little supervision or oversight
  • Ability to work well independently with little input and as a part of a team
  • Ability to direct or lead others in a team environment
  • Ability to develop and present briefings to the customer and/or company leadership
  • Ability to obtain and maintain Public Trust Clearance
  • CISSP certification is desired, other cyber security related or vendor certifications are a plus