About this job
The Security Engineer position is responsible for the following tasks:
· Obtain & Maintain C&A certifications (ATO) for AFMS Systems
· Execute and deliver weekly, monthly and quarterly vulnerability scans using DOJ approved tools such as Foundstone, Nessus, and AppDetective.
· Ad-hoc vulnerability scans
· Secure Configuration Compliance Scans and Vulnerability Scans for new and rebuilt servers
· Execute a quarterly Password Scan using John the Ripper software and prepare a compliance report for the client
· Maintain and administer security tools for new versions and plug-ins such as Foundstone, Nessus, and AppDetective
· Vulnerability and Patch Management Reporting and Support: prepare monthly Vulnerability Acceptance Report for Government review; manage and track all Justice SOC (JSOC) Vulnerability Patch Requirements (VPR) to closure using JSOC and AFMS Remedy Ticket System; provide client ISSM monthly status reports for all open VPRs; prepare JSOC VPR Waivers as needed for critical patches
· Perform Continuous Security Monitoring using DOJ approved tools such as Bigfix, Arcsight, firewalls, NAC, and Ironport
· Provide a quarterly penetration report using the output from the Cisco MARS tool
· Collaborate with other IT teams to assist in resolution of security issues
· Collaborate with government representatives to assist in resolution of security issues
· Monitor industry sources for current trends and threat landscape
· Perform Security Reviews and Risk Analysis for all new and proposed software products prior to selecting and implementing them into the AFMS IT environment
· Coordinate the submission of all Security contract deliverables on or before the required due dates
· Participate and assist in Department wide exercises such as yearly Incident Response (IRP) and Contingency Planning (ITCP) table-top exercises.
· Prepare POA&M and waiver documentation in coordination with government representatives
· Update all Policy and Procedure security documentation as necessary
· Support the Control Testing initiatives to assist in the successful and timely completion of Control Reviews and Security Authorization (was C&A now SA) process:
o Yearly FISCAM A123 control assessment
o Yearly Core (ATO) control assessment
o SA of major applications
o SA of GSS
· Coordinate the delivery of the Computer Security Awareness Training and Significant IT Security Roles Training Reports on or before DOJ required due date
· IT Security Incident Response and Management: coordinate the reporting of IT security-related incidents on schedule in accordance with DOJ/USCERT reporting category time requirements.
· Assist in the delivery of updated security plans, policies, and standard operating procedures on or before the required due dates
· Run network scans using Foundstone, Nessus, and other scanning tools to identify potential security vulnerabilities and needed security patches
· Prepare reports summarizing scan results and brief the client organization’s representative on actions that need to be taken, as well as coordinate and work with network engineers to assure that security patches and systems updates are accomplished on a timely basis
· Monitor the Cisco IDS system; analyze IDS results to eliminate false positives, and alert appropriate staff when action needs to be taken
· Help prepare Incident Response Plans and monitor ArcSight's collection of network and IT security information
· Work closely with IT Operations, network engineers, system administrators, users, and other support personnel to verify compliance with DOJ and organization’s security policy
· Support the review and maintenance of Security Authorization documents in accordance with Federal, DOJ, and applicable local regulations
· Plan and/or support penetration testing and vulnerability scanning of application environment – perform analysis of results and provide security POAM inputs as required
· Provide procedural and architectural recommendations to Government, management and engineering staff on security matters as required
· Assist with development and training of management, administrators, engineers and users on security policies and procedures
Cognitive abilities listed below are required on a regular basis throughout the workday:
· Problem solving and data analysis,
· Strong written and verbal communication skills,
· Read, write and comprehend numbers and words,
· Follow directions and routines,
· Concentrate and recall,
· Able to work in a team environment,
· Planning and organization,
· Work independently with appropriate judgment,
· Uses strong project management skills to deliver a range of small to medium sized engagements, projects or sub-projects within planned timelines, and quality specifications,
· Manages the development and integration of discrete deliverables, including analysis and "client ready" written communications and presentations,
· Establishes and manages the project plan (development, delivery schedule, resource requirements),
· Leads small task teams (i.e., up to 3 colleagues),
· Proactively report project risk and deliverable issues to manager for assistance as soon as possible,
· Establish strong client relationships
Proficiencies:
· Scanning Tools: Foundstone, Nessus
· OS’s: Windows, Linux
· Office Productivity: Excel, Word, Project, Visio
· Project Management: MS Project
· Document Management Systems (i.e. – IBM ClearCase, ClearQuest)
· Ticketing System (i.e. – Remedy)
· Security Frameworks: NIST-SP800-53, NIST-SP800-30, NIST-SP800-37, NIST-SP800-39, NIST-SP800-40, NIST-SP800-61
SKILLS/EXPERIENCE/EDUCATION
Additional Requirements
-The ideal candidate will possess in addition to 7 years experience with five (5) years of Security Engineer specialized experience
-Bachelor's Degree or equivalent in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline
-Experience working on DOJ contract is a plus
-CISSP preferred
-Strong organizational skills with emphasis on detail and follow-up
-Strong task management skills
-Excellent decision making and problem solving skills
-Excellent customer service and communication skills
-Must have excellent written and verbal communication skills and the ability to work independently in a complex, sophisticated technical environment
ONLY US Citizens No Exceptions
-DOD Secret or higher security clearance is highly desired
-Must pass a DOJ Minimal Background Investigation, MBI, Level 5 background investigation. Valid EQIP JPAS transfers acceptable
-Washington Metro area applicants only please
-Project Location, NW, Washington, DC
-College degree, required
GSA REQUIREMENTS:
-Bachelor’s Degree with 8 years of experience in information security technology and policy and procedure development.
-Master’s Degree with six years of experience.
-PhD with four years of experience
-Twelve years of IT experience and 9 years of specialized experience; a degree is not required.