Information Security Engineer (Senior)

Company:  ECS Federal LLC
Location: Morgantown
Closing Date: 03/11/2024
Salary: £100 - £125 Per Annum
Hours: Full Time
Type: Permanent
Job Requirements / Description

ECS Federal LLC Information Security Engineer (Senior) Morgantown , West Virginia Apply Now

ECS is seeking an Information Security Engineer (Senior) to work in our Morgantown, WV office Please Note: This position is contingent upon (contract award).

Job Description:

ECS is seeking an Information Security Engineer (Senior) to work in our Morgantown, WV office. Please Note: This position is contingent upon contract award.

ECS is seeking a qualified Information Security Engineer (Senior) to support transformative science and technology solutions for the Department of Energy.

This is a unique opportunity to join a rapidly growing company and contribute to the development and maintenance of enterprise-wide cybersecurity framework.

Roles and Responsibilities:

Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.Perform independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).Conduct assessments of existing and new FISMA systems, including subsystems in the respective system boundary, and communicate the results and potential implications of identified control weaknesses.Reviews and analyze, Assessment & Authorization (A&A) packages to include System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans, (CMP), Hardware/Software lists, Network Diagrams, Data Flows, System Change Requests/Proposals, Vulnerability scan reports, test reports, and Plan of Actions & Milestones (POA&Ms) for completeness, accuracy, and document effectiveness of controls, plans and procedures implementation.Create and maintain test cases for security assessment testing and perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices (e.g., mobile phones, laptops, etc.).Devel op and execute a security and privacy assessment plan in accordance with NIST SP 800-53A, as amended, requirements, for each security assessment project. SA&A activities shall include support for RMF steps 4-6.Document and provide findings and recommendations that are concise, system-specific, and actionable.Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.

Required Skills:

Master's Degree in engineering, computer science, information technology, network security or a related field AND four years of related work experience AND one or more industry security certifications (CompTIA Security+, CompTIA Network+, CompTIA Linux+, CompTIA Cloud+, (ISC)2 CISSP, ISACA CISM, ISACA CISA, (ISC)2 CCSP or relevant subject matter equivalent certification)

OR

Bachelor's Degree in engineering, computer science, information technology, network security or a related field AND six years of related work experience AND one or more industry security certifications (CompTIA Security+, CompTIA Network+, CompTIA Linux+, CompTIA Cloud+, (ISC)2 CISSP, ISACA CISM, ISACA CISA, (ISC)2 CCSP or relevant subject matter equivalent certification)

OR

Ten years of related work experience AND one or more industry security certifications (CompTIA Security+, CompTIA Network+, CompTIA Linux+, CompTIA Cloud+, (ISC)2 CISSP, ISACA CISM, ISACA CISA, (ISC)2 CCSP or relevant subject matter equivalent certification)Must be eligible to obtain and maintain a Top Secret or DOE Q clearance throughout the life of the contract.

#J-18808-Ljbffr
Apply Now
An error has occurred. This application may no longer respond until reloaded. Reload 🗙