Information Security Engineer needed - multi-year contract with a federal government agency!!! We are looking for a solid Intermediate Information Security Engineer with technical understanding of Continuous Diagnostics and Mitigation (CDM) Tools to join a Information Security Program on a brand new, multi-year contract with a federal government agency.
What we provide you…
Opportunity to telework (full-time telework during COVID-19, TBD post-COVID-19)
Corp-to-Corp and/or hourly full-time employment is available.
Competitive annual salary based on years and quality of relevant experience.
United Healthcare Medical and Corporate contribution to a Health Savings Account (HSA).
Aetna Dental, VSP Vision, Short and Long-term Disability, Life Insurance.
401K with a corporate match.
Paid Time Off (PTO) and Holidays.
Corporate contributions to approved certifications and training.
Required Knowledge and Skills
Solid experience in Continuous Diagnostic and Monitoring tools to include technologies such as Tenable.io (vulnerability scanning), Netsparker (application scanning), BigFix, (asset management) etc.
Vulnerability management to include identification, validation, and remediation validation.
Incident Response support including tracking security incidents to closure.
Secure configuration baselines: e.g. DISA STIGS and CIS Benchmarks
Development of security metrics reporting
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, DNS, etc.
Education, Experience and Certifications
Bachelor's Degree from a 4-year accredited college/university (or greater)
3+ years of experience in an Information Security environment.
Successfully pass a federal background check
An industry-recognized security certification is strongly preferred
Desired skills and experience
Current or previous experience working within the federal environment
Experience in application of security controls/management of risk in MS Azure environment
Risk Management Framework (RMF) and NIST SP 800 series guidance
Privacy Impact Assessment (PIA) and e-Authentication Risk Assessment (eRA)