
Mid-Level Security Engineer

Job Description

Ace Info Solutions, Inc. (AceInfo) is a leading Federal contractor with a focused vision: empower our clients, challenge our employees, and grow our business. Founded in December 2000, we are deeply committed to ensuring quality and customer satisfaction. We have a mature corporate infrastructure, strong management, and quality practices. AceInfo is a trusted IT partner to the Federal Government, and we help various agencies transform and strengthen their processes, operations, infrastructures, and security practices to help them further their critical missions.

For over 15 years, we have successfully managed large and significant Federal programs. We have proven experience prioritizing client satisfaction, project quality, and providing innovative, cost-effective solutions to Federal clients.

AceInfo is prime on 95% of our contracts, is headquartered in Reston VA, and has geographically dispersed office locations throughout the country, to include: Kearneysville, WV; Chesapeake, VA; Fort Collins, CO; Boulder, CO; Quantico, VA; Kansas City, MO; Bowie, MD; multiple Washington, DC Metropolitan locations, and project presence in 23 states in all time zones. We offer excellent benefits and salary packages including free medical/dental/life insurance premiums for staff members. We offer relocation assistance for internal employees and external candidates, within 50 miles (minimum) of work location. We do not offer assistance for relocation and housing for internship positions.

AceInfo is currently seeking a Mid Level Security Analyst to support our federal project, in Fort Collins, CO. Candidate must have the ability to obtain a Public Trust from the Federal Government. 

Responsibilities

  • Execution of Risk Management Framework
  • Perform Security Impact Assessment for all application and environment updates
  • Counsel to ensure auditing, testing, preventive and reactive measures are being adequately implemented for systems with an active Authorization to Operate (ATO).
  • Coordinate Development, DevOps and Quality Assurance (QA) engineers to ensure user stories have accurate and specific acceptance criteria that support compliance and control requirements.
  • Develop an in-depth understanding of customer requirements to quantify security and application risks, and perform impact assessments
  • Identification, authoring, and monitoring of necessary controls to achieve and maintain compliance
  • Oversight, expertise, technical security strategy, standards, and best practices for security categorizations (low, moderate and high).
  • Reviews, testing and implementation of security requirements within project plan timelines.
  • Research and tracking of security standards, policies, and procedures.

Job Requirements

 



Qualifications

  • Documented experience executing Risk Management Framework (RMF, NIST-800-53).
  • Control identification, definition, implementation, and monitoring
  • 3+ years of experience with agile software development.
  • 5+ years’ experience in an enterprise security role.
  • General knowledge of security best practices and compliance requirements
  • Knowledge of Risk Management Framework.
  • Knowledge of NIST, FISMA, and other applicable guidance.
  • Excellent organizational and communication skills are mandatory for various stakeholder audiences.
  • Experience collaboratively establishing secure configuration baselines for technologies.
  • Knowledge or experience with conducting Assessment and Authorization (A&A) and Continuous Monitoring following NIST guidelines.
  • Knowledge or experience developing security documentation and conducting reviews for A&A packages.


Knowledge, Skills, and Abilities

  • Review and verify policies and procedures are developed in line with all applicable federal and LOC security standards and regulations.
  • Maintain, track, and communicate detailed project tasks.
  • Manage initial and reauthorization System Assessment and Authorization (SAA) / Security Controls Assessment (SCA) tasks, milestones, and task dependencies for low, moderate, and high security systems.
  • Develop and update security documentation including but not limited to:
      • Privacy Threshold Assessment (PTA) / Privacy Impact Analysis (PIA)
      • Business Impact Assessment (BIA)
      • Contingency Plans (CP)
      • Configuration Management Plan (CMP)
      • Change Management Plans, Incident Response Plans (IRP)
      • Plan of Action and Milestones (POA&Ms)
      • Security Assessment Reports (SAR)
      • Memorandum of Understanding / Interconnection Security Agreement (ISA)
  • Categorize and determine baseline IT security requirements in accordance with FIPS 199.
  • Identify and visually demonstrate system boundaries, select security controls, and ensure implemented controls are adequate for COTS or proprietary web applications. Provide recommendations as necessary to meet or improve controls.
  • Ensure security policies are developed, maintained and updated to meet IT security best business practices and standards, including the Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) 800-53 – FIPS (Federal Information Processing Standard).
  • Assists in documenting and managing artifacts in SharePoint, Atlassian Suite (JIRA, Confluence) and CSAM security repositories, including but not limited to writing implementation statements.
  • Assists Information Systems Security Managers (ISSMs) in generating ATO packages
  • Conduct continuous monitoring and reporting of security control implementations.
  • Must evaluate business strategies and requirements to develop security strategies, assess risk, research standards, and determine security requirements as necessary.
  • Track and coordinate POA&M remediation activity with different functional teams across multiple systems.


Clearance and Eligibility

  • Must have active certification in at least one of the following:
      • CAP
      • CASP CE
      • CISM
      • CISSP
      • GSLC

Ability to attain Federal Government Position of Trust.

Must be a U.S. citizen, foreign citizen authorized to legally work in the United States or resident alien.

Must pass a background investigation.

Job Snapshot

Location US-CO-Fort Collins
Employment Type Full-Time
Pay Type Year
Pay Rate N/A
Store Type IT & Technical, Other

Company Overview

Ace Info Solutions, Inc

Ace Info Solutions, Inc. (AceInfo) is a mid-size federal contracting firm with a focused vision: empower our clients, challenge our employees, and grow our business. Founded in December 2000, it employs over 500 professionals. We have a deep commitment to ensuring quality and customer satisfaction with a mature corporate infrastructure, strong management and quality practices.


