ECS Federal
Information Security Engineer (Senior)
ECS Federal, Morgantown, West Virginia, United States, 26501
ECS is seeking an Information Security Engineer (Senior) to work in our Morgantown, WV office. Please Note: This position is contingent upon contract award.
Job Description:
ECS is seeking a qualified Information Security Engineer (Senior) to support transformative science and technology solutions for the Department of Energy.
This is a unique opportunity to join a rapidly growing company and contribute to the development and maintenance of an enterprise-wide cybersecurity framework.
Roles and Responsibilities:
Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.
Perform independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).
Conduct assessments of existing and new FISMA systems, including subsystems in the respective system boundary, and communicate the results and potential implications of identified control weaknesses.
Review and analyze Assessment & Authorization (A&A) packages, including System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans (CMP), Hardware/Software lists, Network Diagrams, Data Flows, System Change Requests/Proposals, Vulnerability scan reports, test reports, and Plans of Action & Milestones (POA&Ms), for completeness and accuracy, and document the effectiveness of the implementation of controls, plans, and procedures.
Create and maintain test cases for security assessment testing and perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices (e.g., mobile phones, laptops, etc.)).
Develop and execute a security and privacy assessment plan in accordance with the requirements of NIST SP 800-53A, as amended, for each security assessment project.
SA&A activities shall include support for RMF steps 4-6.
Document and provide findings and recommendations that are concise, system-specific, and actionable.
Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.
Required Skills:
Master's Degree in engineering, computer science, information technology, network security or a related field AND four years of related work experience AND one or more industry security certifications (CompTIA Security+, CompTIA Network+, CompTIA Linux+, CompTIA Cloud+, (ISC)2 CISSP, ISACA CISM, ISACA CISA, (ISC)2 CCSP or relevant subject matter equivalent certification)
OR
Bachelor's Degree in engineering, computer science, information technology, network security or a related field AND six years of related work experience AND one or more industry security certifications (CompTIA Security+, CompTIA Network+, CompTIA Linux+, CompTIA Cloud+, (ISC)2 CISSP, ISACA CISM, ISACA CISA, (ISC)2 CCSP or relevant subject matter equivalent certification)
OR
Ten years of related work experience AND one or more industry security certifications (CompTIA Security+, CompTIA Network+, CompTIA Linux+, CompTIA Cloud+, (ISC)2 CISSP, ISACA CISM, ISACA CISA, (ISC)2 CCSP or relevant subject matter equivalent certification)
Must be eligible to obtain and maintain a Top Secret or DOE Q clearance throughout the life of the contract.