Security Engineer Jr.
Saliense · Arlington, VA · 6 days ago
Information TechnologyFull-time
About the role
The Security Engineer Junior supports work performed under the contract possessing a core set of knowledge of federal information system security policy, industry best practices, security control assessments, Plan of Action and Milestones (POA&M) management, system authorizations, configuration management, and system analysis.
Qualifications
- Minimum Educational Requirements: BS/BA in Computer Science, Information Systems, Engineering, Business, Physical Science, or other technology-related discipline.
- Must have a minimum of one (1) year of federal information systems security experience.
- Technical Skills:
- Experience with RMF and applying the NIST Cybersecurity Framework.
- Solid knowledge of federal information system security policy, industry best practices, security control assessments, Plan of Action and Milestones (POA&M) management, system authorizations, configuration management, and system analysis.
- Experience designing and implementing solutions for protecting the confidentiality, integrity, and availability of sensitive information.
- Experience providing technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, and security implementation.
- Experience using CSAM.
- Solid understanding and application of NIST Special Publications including SP 800-53, SP 800-137, SP 800-171, and SP 800-37.
- Solid understanding of FISMA audit requirements.
- Solid understanding of IT audit requirements.
- Ability to work with cooperatively and at a technical level with developers, engineers, and managers on system teams.
- Knowledge of computer networking concepts, protocols, and network security methodologies.
- Knowledge of risk management processes and tools (e.g., methods and tools for assessing and mitigating risks).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy in a federal environment.
- Knowledge of current and past cybersecurity threats and vulnerabilities.