The job below is no longer available.


Pay: Estimated $49 per hour

Hours: Full-time

About this job

Role/Title: Information Systems Security Engineer

Location: Chantilly, VA 20151

Duration: Long Term (2-4 Years)

Job Description:

  • Responsible for the implementation of the National Institute of Standards and Technology (NIST) Special Publication 800-37, Guide for Applying the Risk Management Framework (RMF) Steps 1-3 for assigned information systems/assets.
  • Each ISSE will be assigned as Primary and alternate for 4-7 systems on average, depending on the complexity of the system.
  • As a Primary ISSE, responsible for leading the asset RMF team and submitting weekly status reports.
  • Daily tasks depend on which RMF Step the assigned system is currently in.
  • Step 1: Categorize the system by determining the criticality of the information and system according to the potential worst-case adverse impact to the organization, mission/business functions, and the system.
  • Step 2: Select security controls (NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations), starting with the appropriate baseline from the Step 1 categorization output and applying tailoring guidance as needed based on risk assessment.
  • Step 3: Implement security controls within enterprise architecture and systems using sound system security engineering practices (see SP 800-160); apply security configuration settings.
  • Supports the Information System Security Manager & Information System Security Engineer Lead.
  • Coordinates with the Information System Security Analysts and system administrators for control implementation and Plans of Action and Milestones (POA&Ms) closeout requirements.
  • Coordinates with Information System Security Officers and other teams as required for continuous monitoring activities required for assigned information systems/assets.
  • Ensures system designs support incorporation into customer continuous monitoring solutions (e.g., Vulnerability Alerts, Splunk, Enterprise Scanning, etc.).
  • Required to become proficient in the customer's Assessment and Authorization tool to track and document the RMF steps.