Security Management Specialist/Security Risk Management - Washington, United States - Edgewater Federal Solutions

    Edgewater Federal Solutions
    Edgewater Federal Solutions Washington, United States

    2 weeks ago

    Default job background
    Description

    Overview:

    Security Management Specialist/Security Risk Management

    Edgewater Federal Solutions, Inc. is currently seeking a Security Management Specialist/Security Risk Management

    with hands-on technical skills to provide support to Edgewater Federal government contracts. This is a primarily remote position with one day a week required at the customer site in Washington, DC.

    Responsibilities:

    Responsibilities:

    • Researches, organizes, writes, edits, trains, and produces technical data, guidelines, templates, and policy to support Security Engineering within Windows and Unix environments.
    • Perform information security risk assessments across a variety of platforms and applications submitted through the Change Management process.
    • Guide users in determining and integrating baseline security requirements for IT systems, advise on viability of alternative approaches.
    • Propose remediation/mitigating controls and recommendations to stakeholders and management to minimize risk.
    • Address security concerns or issues with proposed software and hardware projects to ensure baked-in security considerations in project proposals.
    • Lead security team engagements to build and mature processes to produce written Standard Operating Procedures with a focus on improvement to Information Assurance processes, methodologies, and communication methods.
    • Support iterative review of security assessment results, and work with stakeholders across organizations to provide structure around risk management and internal controls.
    • Experience with CIS Benchmarks and DISA STIGs to provide system hardening guidance.
    • Maintain a Master Library of Security Benchmarks for relevant systems as a reference for essential baseline security requirements, compliance, and continuous monitoring capabilities.
    • Provide status updates and follow-up on active open Security Engineering tickets.
    • Align with and support the execution of the Cybersecurity Information Assurance organization vision and strategy.
    • Development of security guidance, policies, and procedures.
    Qualifications:

    Qualifications:

    • 8+ years of experience with IT System and Application review, information assurance or cybersecurity, with 3+ years of experience performing system or risk assessments in accordance with the NIST / Risk Management Framework (RMF)
    • Must obtain and maintain one (1) industry standard security certification. The government approves CompTIA Security+, CISSP, CEH, or DoD equivalent.
    • Bachelors degree or equivalent work experience in related field.
    • Excellent verbal and written communication skills and ability to build strong relationships with stakeholders at all levels.
    • Strong problem-solving capabilities and the ability to effectively communicate solutions.
    • Strong analytical capabilities.
    • Strong understanding of how computer systems and networks are secured and in compliance with government and industry regulations.
    • Ability to independently collect, review, and evaluate IT product data to identify and characterize security threat sources of concern and provide recommendations to Government leadership.
    • Ability to obtain and maintain a Public Trust clearance.
    • Ability to demonstrate during the candidate interview, proficiency to edit text Microsoft Word documents, create templates, and automate the creation of tables of content.
    • Ability to demonstrate during the candidate interview, proficiency to edit Microsoft Excel spreadsheets by sorting data, running and creating functions, pivot tables, and charts.

    Desired Elements:

    • Experience with government contracting firms supporting the Federal government.
    • Experience with Cloud providers, preferably Azure.
    • Familiar with using agile tools for day-to-day tasking preferably Azure Dev Ops.
    • 3-5 years of relevant work experience with network engineering and/or system administration background (Windows).
    • Strong understanding of network security architecture; nodes (computers, routers, firewalls, etc.) and communications protocols (TCP/IP, HTTPS, SSH, RDP, DNS, etc.).
    • Some experience with Change Management and/or ITIL certified.
    • Respond to service requests and support change management security review process.
    • Subject matter expertise in information security best practices.
    • Ability to articulate ideas to both technical and non-technical audiences through excellent written and oral communication skills.
    • The ability to establish effective relationships with internal partners and teams

    Edgewater Federal Solutions is a privately held government contracting firm located near Frederick, MD. The company was founded in 2002 with the vision of being highly recognized and admired for supporting customer missions through employee empowerment, exceptional services, and timely delivery. Edgewater is ISO 9001, , 27001 certified, appraised at CMMI Level 3 Maturity for Development and Services, and has been named in the Top Workplaces in the Greater Washington Area for six consecutive years 2018 through 2023.