Information Security Consultant
Company: Elegant Enterprise-Wide Solutions Inc
Location: Washington
Posted on: March 17, 2025
Job Description:
Key Tasks and Responsibilities
For a complete understanding of this opportunity, and what will be
required to be a successful applicant, read on.
Use the NIST Risk Management Framework (RMF) to conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gaps
Ensure compliance with guidance, standards and regulations such as NIST Special Publications, FIPS, FedRAMP, and other federal regulations and policies
Prepare Security Impact Assessments, Addendums, and Security Authorization Packages, including documentation such as Authorization Official Out-briefs, Security Authorization Recommendations and Security Authorizations Memorandums
Identify, assess, and prioritize identified risks
Collect evidence, artifacts, and document findings to support conclusions
Report on compliance with internal policies, controls, and standards
Provide recommendations for remediation of identified deficiencies
Track and report on Plans of Action and Milestones (POAMs) (i.e., findings/deficiencies to closure)
Coordinate third-party risk assessments and IT audits
Manage remediation efforts and report on the status of control deficiencies
Support security initiatives and global policy adherence and awareness efforts
Support global information security metrics and reporting program(s)
Provide security expertise to business units and key stakeholders
Enforce policy adherence and manage formal policy exception requests
Provide timely status updates/reporting on assessments and assigned projects
Education & Experience
A Bachelor's degree in Computer Science or a related engineering field with training in information security
10+ years' experience in Information Security
5+ years' experience building and managing Windows server platforms
Thorough knowledge of NIST 800 Special Publications, Federal Information Processing Standards (FIPS) and other significant federal regulations
Expertise with the NIST Risk Management Framework to generate and maintain SA&A documentation to include System Security Plans, Security Assessments Reports, and Risk Assessments for internal and cloud-based systems (i.e., FedRAMP)
Thorough knowledge of federal laws and directives pertaining to information security
Experience using security scanners (e.g., Nessus, Nexpose, etc.) and remediating vulnerabilities
Experience in creating and maintaining minimum security configuration baselines for Windows and Linux platforms and applications (i.e., Minimum Benchmarks: CIS, STIGs)
Experience reviewing system logs for potential intrusions and policy violations
Experience using Forescout, BigFix, and RES a plus
Certifications
CISSP CISM
Security Clearance
Public Trust High (Tier 4/BI) Risk Level
Must be a US citizen or Lawful Permanent Resident
Keywords: Elegant Enterprise-Wide Solutions Inc, Washington DC, Information Security Consultant, Professions, Washington, DC