- Develop and advise development of Assessment and Authorization (A&A) artifacts and security documentation to include, but not limited to:
- System Security Plans (SSP)
- Plan of Action and Milestone (POA&M)
- Contingency Plan
- Incident Response Plan
- Configuration Management Plan
- Comprehensive understanding of vulnerability management, USGCB, DISA STIGS, CIS hardening standards
- Enhance and perform standard operating procedures as applicable for systems to be assessed for an Authorization to Operate (ATO)
- Provide technical expertise in IT Security Risk Management functions
- Federal Information Security Management Act of 2014 (FISMA of 2014), the Risk Management Framework, the Privacy Act, and Zero Trust Architecture concept
- Develop ATO artifact templates to include but not limited to SSPs, POA&Ms, Contingency Plans, and other security documentation
- Deep technical expertise with various security tools and solutions is required, specifically, spacewalk, Nessus security center, Crowdstrike, Carbon Black, and Archer.
- Develop and present briefs to stakeholders and government leads.
- Develop deliverables to include drafting data diagrams, creating security and privacy documents
- Identify process improvements and document processes, procedures, and job aides
- Develop briefing communications and other deliverables
- Train others on RMF and ATO processes
- Assist with pre-assessment preparation
- Active Secret clearance
- Bachelor's degree with a concentration in Cybersecurity, Computer Science, Management Information Systems, Business or Engineering preferred
- Minimum of 10 years of cybersecurity experience
- Experience supporting a federal government agency
- DOD 8570 IAT/IAM Level II certification
Principal Information Engineer - Rockville, United States - Dynamic Solutions Technology LLC
Description
Job Description
Job DescriptionDynamic Solutions Technology, LLC (DST) is seeking a full time Principal Information Engineer (Senior) to support a government client in the Cybersecurity and Infrastructure Support for systems in the Cloud. This role requires a self-starter with the ability to perform with limited oversight. In this role you will perform guide Cloud system owners through NIST risk assessments while enhancing their current process workflows and developing new processes and templates. You will ensure the client meets established information security, compliance, operational risk, and reporting requirements. You will develop or update process and template documentation. The candidate must be able to work independently and with a team.
Duties and Responsibilities:
Desired Skills/Education/Certifications: