Job Info
ECS is seeking an Information Security Engineer (Senior) to work in our Morgantown, WV office Please Note: This position is contingent upon [contract award].
Job Description:
ECS is seeking an Information Security Engineer (Senior) to work in our Morgantown, WV office. Please Note: This position is contingent upon contract award.
ECS is seeking a qualified Information Security Engineer (Senior) to support transformative science and technology solutions for the Department of Energy.
This is a unique opportunity to join a rapidly growing company and contribute to the development and maintenance of enterprise-wide cybersecurity framework.
Roles and Responsibilities:
- Review and update existing information security policy, standards, and procedures based on federal and departmental regulations.
- Perform independent security and privacy control assessments in support of Security Assessment & Authorization (SA&A).
- Conduct assessments of existing and new FISMA systems, including subsystems in the respective system boundary, and communicate the results and potential implications of identified control weaknesses.
- Reviews and analyze, Assessment & Authorization (A&A) packages to include System Security Plans (SSP), Risk Assessments, Information System Contingency Plans (ISCP), Back-up Standard Operating Procedures (SOP), Incident Response Plans (IRP), Configuration Management Plans, (CMP), Hardware/Software lists, Network Diagrams, Data Flows, System Change Requests/Proposals, Vulnerability scan reports, test reports, and Plan of Actions & Milestones (POA&Ms) for completeness, accuracy, and document effectiveness of controls, plans and procedures implementation.
- Create and maintain test cases for security assessment testing and perform security testing at the control-requirement level for each unique component of each system (e.g., application, web application server, financial systems, database server/instance, operating systems, specialized appliances, network and infrastructure devices, and end-user devices (e.g., mobile phones, laptops, etc.).
- Develop and execute a security and privacy assessment plan in accordance with NIST SP 800-53A, as amended, requirements, for each security assessment project. SA&A activities shall include support for RMF steps 4-6.
- Document and provide findings and recommendations that are concise, system-specific, and actionable.
- Analyze security tool reports and determine residual risk or false positives from technical reports and artifacts before assigning findings.
Required Skills: - Master's Degree in engineering, computer science, information technology, network security or a related field AND four years of related work experience AND one or more industry security certifications (CompTIA Security+, CompTIA Network+, CompTIA Linux+, CompTIA Cloud+, (ISC)2 CISSP, ISACA CISM, ISACA CISA, (ISC)2 CCSP or relevant subject matter equivalent certification)
OR
- Bachelor's Degree in engineering, computer science, information technology, network security or a related field AND six years of related work experience AND one or more industry security certifications (CompTIA Security+, CompTIA Network+, CompTIA Linux+, CompTIA Cloud+, (ISC)2 CISSP, ISACA CISM, ISACA CISA, (ISC)2 CCSP or relevant subject matter equivalent certification)
OR
- Ten years of related work experience AND one or more industry security certifications (CompTIA Security+, CompTIA Network+, CompTIA Linux+, CompTIA Cloud+, (ISC)2 CISSP, ISACA CISM, ISACA CISA, (ISC)2 CCSP or relevant subject matter equivalent certification)
- Must be eligible to obtain and maintain a Top Secret or DOE Q clearance throughout the life of the contract.
- Must be a US Citizen per contract.
- Must currently live in Morgantown, WV or willing to relocate.
- Ability to work independently and as part of a team.
Desired Skills: - Active Top Secret or DOE Q Clearance with the ability to maintain clearance throughout the life of the contract.
- Two or more years experience supporting US Government customers.
- Project Management Professional certification.
- Experience supporting complex government and programs of a research and development nature.
ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. ECS promotes affirmative action for minorities, women, disabled persons, and veterans.
ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.
General Description of Benefits