Jones Networking · 5 hours ago
Information System Security Engineer
Jones Networking is seeking a talented Information System Security Engineer to support the Assistant Secretary for Administration under guidance from the CIO's Information System Security Manager. The role involves ensuring compliance with NIST standards for a portfolio of systems and providing leadership and mentoring to other ISSOs to deliver consistent ISSO services.
Responsibilities
Ensure applicable cybersecurity policies are implemented for systems under purview, including information system-related physical security
Maintain operational security posture consistent with current security policy
Report actual or suspected computer-security incidents to DOT CSIRC within time frames established by DOT Incident Response policy for incident types in accordance with US-CERT
Distribute cybersecurity notices and advisories to appropriate personnel and ensure that vendor-issued security patches are expeditiously installed
Serve as primary security to system owners, common control providers, and users
Serve as focal point for cybersecurity incident reporting and subsequent resolution
Assist the ISSM in reviewing contracts for information systems under the Component's control to ensure that cybersecurity is appropriately addressed in contract language
Ensure all security-related SDLC documentation meets all identified security needs
Maintain Security Assessment and Authorization (SA&A) documentation for information systems under purview according to DoT Cybersecurity Policy and Compendium
Ensure the selection of NIST SP 800-53 baseline security controls is appropriate for the system based on FIPS 199 security categorization, NIST SP 800-53 guidance, and supplemental DOT policy specified in DoT Cybersecurity Compendium
Assist System Owner, Information Owner, and ISSM in recording all known security weaknesses of assigned information systems in POA&Ms IAW DoT policy and procedures
Track all security education and awareness training conducted for personnel and contractors, as required by DoT Cybersecurity Policy and Compendium
Provide security advice to AO and System Owner on all matters (technical and otherwise) involving security of the information system
Ensure required updates are performed to key documents in accordance with NIST SP 800-37 for continuous monitoring
Identify changes to systems that may impact security controls, perform security impact assessment of proposed changes, report any change in risk posture, and provide recommendations for risk mitigation
Ensure proper backup procedures exist for assigned information systems and that procedures are performed and tested in accordance with System Security Plan
Assist System Owner and ISSM to ensure external connections to/from DoT information systems and networks are provided by an approved DoT Trusted Internet Connection Access Provider (TICAP) or DoT-approved Managed TIC Provider Service (MTIPS)
Ensure audit logs are captured, maintained, and analyzed as required by NIST SP 800-53 and any supplemental Departmental Cybersecurity Policy and the Compendium
Ensure DoT enterprise information security management system (CSAM or its successors) accurately contains required information system inventory, categorization, POA&Ms and other security metrics required by DoT CIO through this policy
Complete mandatory annual specialized information security training
Qualification
Required
8+ years of experience in IT Security
Certified Information Systems Security Professional (CISSP) certification
Understanding of NIST 800-53 and its applicability to IT Systems
Expertise with Risk Management Framework, FedRAMP and FISMA
Understanding authentication in the cloud environment
Experience with continuous monitoring of a cloud system
Experience working on assessments with a third-party assessment organization (3PAO)
AWS/Azure associate certified
Benefits
Company-supported medical, dental, vision, life, STD, and LTD insurance
Benefits include 10 federal holidays and PTO
401(k) with company matching
Flexible Spending Accounts for commuter, medical, and dependent care expenses
Tuition Assistance