Information Security Engineer - Hybrid at Annapolis, MD (2 days) - Contract/FTE. Sorry, cannot entertain H1B due to the nature of the client.

Analyzes and defines security requirements for information protection. Defines and develops security policies. Analyzing the sensitivity of information, performs vulnerability and risk assessments on the basis of defined sensitivity and information flow.

Job Description:

Policy Development & Implementation:

Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies.

Support the implementation of information assurance strategies to secure enterprise systems and networks.

Security Assessments & Compliance:

Conduct system assessments using automated tools like ACAS/Nessus, Security Content Automation Protocol (SCAP), and manual STIG reviews.

Test and implement DoD STIGs, devise mitigation strategies, and ensure compliance with security standards.

Apply Common Vulnerabilities and Exposures (CVE) patches and conduct follow-up security scans after updates.

Risk Management & Vulnerability Assessment:

Perform risk assessments and vulnerability assessments to identify and mitigate potential threats.

Develop and maintain Risk Management Framework (RMF) and NIST System Security Plan (SSP) documentation.

Security Solution Evaluation:

Evaluate and implement security solutions to ensure compliance with security requirements and effective information processing.

Education: A bachelor’s degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline. A master’s degree is preferred.

General Experience: This position requires a minimum of eight (8) years of experience in information protection.

Certifications (at least one of the following): CCNA Security, CASP+,GISCP, GSEC, Security+ CE, CND, or SSCP.

Technical Skills & Experience:

Experience with DHS/NSA Tasking orders and compliance response

Expertise in RMF and NIST SSP documentation.

Hands-on experience with security tools including:

NMAP, ACAS/Nessus, Rapid7, SCAP, and STIGViewer.

Familiarity with testing and applying STIGs and developing mitigation strategies.

Knowledge of applying CVE patches and conducting compliance scan

Additional Information :

Hours: selected individual will work approximately 40 hours/week, Monday through Friday, from 8 a.m. to 5 p.m. Although the client is closed on most State holidays, the selected individual may be asked to work on a state holiday if client employees are working. The candidate must pass the CJIS background check or other approved background check.

Global Alliant, Inc. provides equal employment opportunities(EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state, and local laws. We especially invite women, minorities, veterans, and individuals with disabilities to apply.