Location: Montgomery, AL
Employment Type: Regular Full Time
Industry: Government Contracting – Medical Staffing Solutions/IT Services
Job Type: Information Security Engineer
We have an opportunity for an Information Security Engineer to support Government customers. The chosen candidate will be responsible for performing and/or leading technical security evaluations of our DoD, Federal, and commercial clients. Security evaluations for DoD and Federal information systems will be conducted in accordance with Financial Improvement and Audit Readiness (FIAR) and NIST 800-171 processes. Candidate will have a strong background in Certification Testing & Evaluation (CT&E) and become part of a FIAR team responsible for accessing, testing and reporting in a major IT project.
- Perform vulnerability assessments and application security evaluations utilizing commercial and DoD recognized security assessment tools such as Security Readiness Review (SRR) scripts, Nessus, Retina, FSO STIG Checklists, etc.
- Develop security test plans based on system architecture, dataflow, and hardware/software profile information.
- Apply INFOSEC best practice and principles to network protocols, architectures, equipment, services, standards and technology.
- Author documentation containing evaluation results and recommendations, product application guidelines, troubleshooting procedures, system schematics/diagrams, and others as required.
- Position requires the ability to pass and maintain a Security Clearance.
Formal Education & Certification:
- Bachelor’s degree (in Computer Science or related field) or equivalent. Master’s degree in Computer Science preferred.
- CISSP, CISA or CISM certification desired.
- 8-10 years of related experience.
Knowledge & Experience:
- Demonstrated knowledge and experience with OSD FIAR audit readiness requirements required.
- Knowledge of and experience in the implementation of DoD and Federal security and IA requirements as outlined in DoDI 8500.2, NIST 800-53, and DISA STIGs, plus experience with DoD Ports, Protocols, and Services (PPS), PKI, and Information Assurance Vulnerability Management (IAVM) policies and standards, required.
- Extensive working knowledge of NIST and DoD information system security guidance, processes, and methodologies required.
- Strong background in Certification, Testing & Evaluation required.
- Strong NIST 800-171 experience required.
- Demonstrated knowledge of Microsoft Office Software Suite products required.
- Extensive practical knowledge in importing data for use in report software, spreadsheets, graphs, and flow charts required.
- Experience working in a team-oriented, collaborative environment required.
- Strong understanding of Network Security technologies to include firewalls, IDS/IPS, ACLs, etc. desired.
- Strong understanding of Unix/Linux, Windows, and Cisco technologies desired.
- Strong understanding of systems engineering, database administration, and/or application development; Information Security consulting experience with demonstrated leadership skills desired.
- Excellent understanding of organizational goals and objectives desired.
- Must currently possess or be able to obtain a SECRET security clearance.
- Good project management skills.
- Excellent analytical, mathematical, and creative problem-solving skills.
- Excellent listening, interpersonal, written and oral communication skills.
- Logical and efficient, with keen attention to detail.
- Ability to conduct research into systems issues and products as required.
- Ability to communicate ideas in both technical and user-friendly language.
- Highly self-motivated and directed.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Strong customer service orientation.
- Normal working hours will be an eight (8) hour day, five (5) days per week (Monday – Friday 8AM-5PM).
- Occasional work support during other than normal hours (i.e., evening and weekend to meet deadlines).
- May be required to travel in support of system development.
- Sitting for extended periods of time.
- Dexterity of hands and fingers to operate a computer keyboard or mouse, and to handle other computer components.
- Lifting and transporting of moderately heavy objects, such as computers and peripherals.