Job Description
Compliance & NIST RMF
-Execute all six steps of the NIST Risk Management Framework to achieve and maintain Authority to Operate (ATO) for enterprise systems.
-Develop, maintain, and update Body of Evidence (BoE) artifacts including, authorization boundary diagrams, hardware/software lists, System Security Plans (SSPs) and Security Assessment Reports (SARs) within eMASS
-Ensure all defined system controls strictly map to compliance baselines (e.g., NIST SP 800-53).
Vulnerability Management & STIG Implementation
-Ensure servers, endpoints, and network appliances are hardened by applying Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)
-Perform routine and ad-hoc vulnerability assessments using tools like ACAS/Nessus
Review scan reports to identify zero-days, configuration drifts, and outdated patches, providing mitigation recommendations
POA&M Management
-Create, track, and manage Plans of Action and Milestones (POA&Ms) for all identified security weaknesses and vulnerabilities
-Ensure remediation tasks are completed within designated timeframes
-Document acceptable risks and compensating controls for vulnerabilities that cannot be immediately patched
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
- 2 years of related experience with a Bachelor’s degree in Computer Science, Mathematics, Information Technology Electrical Engineering
• 2 years experience with the NIST Risk Management Framework
• Active CISSP or Security+ certification.
• Solid understanding of Information Assurance Security Controls to include DoD 8500.2 and NIST SP800-53 and ability to engineer (design and implement) security solutions to comply with applicable security controls.
• Solid understanding and experience using and implementing DISA STIGs.
• Experience using vulnerability scanning tools such as ACAS, Nessus, etc.
Nice to Have Skills & Experience
Active Secret Clearance
1 year experience with Department of War (DoW) RMF processes
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.