Information Security Consultant

Company: Elegant Enterprise- Wide Solutions Inc
Location: Washington
Posted on: March 17, 2025

Job Description:

Key Tasks and Responsibilities

For a complete understanding of this opportunity, and what will be required to be a successful applicant, read on.

Using the NIST Risk Management Framework (RMF) to conduct assessments of Information security controls in order to measure the effectiveness of controls and identify control gaps

Ensure compliance to guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
Preparing Security Impact Assessments, Addendums, Security Authorization Packages and including documentation such as Authorization

Official Out-briefs, Security Authorization Recommendations and Security Authorizations Memorandums

Identify, assess, and prioritize identified risks
Collect evidence, artifacts, and document findings to support conclusions
Report on compliance with internal policies, controls, and standards Provide recommendations for remediation of identified deficiencies
Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)
Coordinate third-party risk assessments and IT audits
Manage remediation efforts and report on the status of control deficiencies
Support security initiatives and global policy adherence and awareness efforts
Support global information security metrics and reporting program(s)
Provide security expertise to business units and key stakeholders
Enforce policy adherence and manage formal policy exception requests

Provide timely status updates/reporting on assessments and assigned projects

Education & Experience

A Bachelor degree in Computer Science or a related engineering field with training in information security 10+ years' experience in Information Security

5+ years' experience building and managing Windows server platforms

Thorough knowledge of NIST 800 Special Publications, Federal Information Processing Standards (FIPS) and other significant federal regulations

Expertise the NIST Risk Management Framework to generate and maintain SA&A documentation to include System Security Plans, Security Assessments Reports, and Risk Assessments for internal and cloud- based systems (ie., FedRAMP)

Thorough knowledge of federal laws and directives pertaining to information security Experience using security scanners (e.g. Nessus, Nexpose, etc) and remediating vulnerabilities

Experience in creating and maintaining minimum security configuration baselines for Windows and Linux platforms and applications (i.e., Minimum Benchmarks: CIS, STIGS)

Experience reviewing system logs for potential intrusions and policy violations. Experience using Forescout, Bigfix, and RES a plus

Certifications

CISSP CISM

Security Clearance

Public Trust High (Tier 4/BI) Risk Level

Must be a US citizen or Lawful Permanent Resident

Keywords: Elegant Enterprise- Wide Solutions Inc, Washington DC , Information Security Consultant, Professions , Washington, DC