This position requires at least a Secret level U.S. Security Clearance and is willing to pay $130,000-$140,000 depending on experience and qualifications.
This position is fully on-site in Washington D.C.
Support the organization's Information System Security Manager (ISSM) and Chief Information Officer (CIO) with Risk Management Framework (RMF) package development as the technical Information Systems Security Engineer (ISSE), in accordance with internal RMF guidance, to achieve Authorization to Operate (ATO).
Assemble all required documentation as outlined by the ISSM and organizational cybersecurity policies for RMF packages.
Assess and implement security controls, Security Technical Implementation Guides (STIGs), and Assured Compliance Assessment Solution (ACAS) scans in compliance with governing policies for servers, networking equipment, workstations, and other IT assets.
Assist system administrators with the implementation and application of all applicable STIGs, industry best practices for security and design, and Information Assurance Vulnerability Alert (IAVA) requirements.
Maintain compliance by verifying completion of Nessus scans, STIG checklists, and SCAP files; report any open findings or vulnerabilities; propose and implement mitigations; and construct Plans of Action and Milestones (POA&Ms) when necessary.
Ensure ongoing compliance using vulnerability remediation and asset management tools, and maintain accurate records in relevant IT portfolio and application management systems.
Demonstrate a strong understanding of NIST standards, national security system guidelines, communications task orders, and vulnerability management protocols.
Create system authorization boundary diagrams and data flow diagrams, ensuring traceability to hardware, firmware, software, ports, protocols, and services (PPS) lists and ACAS results, in compliance with internal cybersecurity standards.
Review system PPS lists and ensure compliance with applicable cybersecurity instructions and frameworks.
Collaborate regularly with internal teams and external stakeholders at various organizational levels.
Participate in recurring status and requirements meetings to facilitate the RMF process and ensure alignment with project timelines and security objectives.
We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to
Human Resources Request Form. The EEOC "Know Your Rights" Poster is available
here.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:
https://insightglobal.com/workforce-privacy-policy/ .
58 years of experience in an Information Technology or Cybersecurity environment supporting defense-related operations.
Experience with enterprise-level risk management and compliance platforms.
Proficiency in vulnerability assessment tools and methodologies.
Familiarity with Security Technical Implementation Guides (STIGs) and their application across various systems.
Experience with vulnerability remediation and asset management systems.
Strong technical proficiency in:
Microsoft operating systems
Microsoft SQL
Red Hat Linux
Cisco networking technologies
Wireless infrastructure (e.g., Aruba)
Microsoft Office Suite
Microsoft Visio for diagramming and documentation
Bachelors degree in Information Technology, Cybersecurity, Computer Science, or a related discipline.
Compliance with recognized cybersecurity workforce standards equivalent to IAT Level II; higher-level certifications (e.g., IAM Level III) are preferred.
Must possess an active security clearance.
Excellent verbal and written communication skills.
Ability to thrive in a fast-paced, dynamic program office environment.
Strong attention to detail and organizational skills.
Experience developing Assessment and Authorization (A&A) documentation.
In-depth knowledge of the Risk Management Framework (RMF) and NIST SP 800-53 guidelines, particularly in the role of an Information Systems Security Engineer (ISSE).
Understanding of communication systems including LAN, WAN, and RF technologies.
Working knowledge of servers, software, networking equipment, and other infrastructure components.
Familiarity with IT portfolio and application management systems and their compliance requirements.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.