Tetrad Digital Integrity LLC

  • Lead Security Engineer (Compliance)

    Job Locations: US-VA-Alexandria
    Posted Date: 2 months ago
    ID: 2018-1155
    # of Openings: 1
  • Overview

    TDI is looking for a Sr. Information System (IS) Security Compliance Engineer to support our customer in Alexandria, VA. The Engineer is expected to have good technical skills related to the development of information technology and information security compliance solutions and documentation. They shall serve as a vital team member, both as an individual contributor and as a leader for compliance and technical efforts in the Information Security Office (ISO). The candidate shall serve as the source of technical expertise with regard to maintaining and improving the Risk Management Framework implementation for the customer’s systems. In addition to providing tactical production operations support and Assessment and Authorization services, the candidate shall also provide guidance and recommendations for strategic planning and improvements to the systems/applications. The candidate will perform risk assessments for RMF applicability on all information systems presented through the Office of IT Portfolio Management Division (PMD). The risk assessments will determine whether a requested information system or project will be required to implement the RMF.

    Responsibilities

    • Utilize the NIST Risk Management Framework (RMF) to develop comprehensive security packages and conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gaps.
    • Ensure compliance with guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies.
    • Prepare System Security Plans, Security Authorization Packages, including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations, Plan of Action and Milestones (POA&M) and Security Authorizations memorandums.
    • Knowledge and experience with supporting and/or implementing many of the following technologies and processes: Vulnerability & Patch Management, Endpoint Protection, Firewalls (Network and/or Endpoint), Web Proxies, Load Balancer and Web Application Firewalls, Security Information and Event Management (SIEM), Data Loss Prevention, Network monitoring and mapping, and Incident Response Processes and Tools.
    • Knowledge and experience in creating and maintaining minimum security configuration baselines for Windows and Linux platforms and applications (i.e., Minimum Benchmarks: CIS, DISA STIGs).
    • Knowledge and experience with cloud security implementation and assessment.

    Qualifications

    • Bachelor’s degree in a computer-related field plus 7 years of professional experience or equivalent work experience. Exceptional candidates without a Bachelor’s degree may be considered on a case-by-case basis.
    • Must have experience using CSAM for IS security compliance package management.
    • Must demonstrate effective communication skills with customers, peers and subordinates.
    • Responsible for weekly and monthly reporting activities. Should be familiar with different reporting and writing tools such as but not limited to Word, Excel, SharePoint, Visio and Project.
    • Certifications: Certified Information System Security Professional (CISSP) and Certified Ethical Hacker (CEH) certifications are desired.
    • Must possess a Moderate Risk Public Trust Clearance.
