Abacus Technology is seeking an Information Security Engineer to provide administrative and technical security support to the Bureau of Indian Affairs (BIA) Risk Management Framework (RMF) effort. This is a full-time position.
Provide recommendations to OIMT, Division of Information Operations (DIO) and other offices and divisions within for the integration of security processes and compliance with Federal regulations and Departmental policy. Direct security efforts to increase efficiencies and enforce a global security mindset. Provide strategic guidance for the further development of the security program within Indian Affairs (IA). Develop policies and procedures supporting regulations, directives, and Departmental policy. Assist senior management with establishing a plan of action for the remediation of organization-wide weaknesses. Provide direct information assurance guidance pertaining to the development and modification of information systems and industrial control systems. Provide strategic insight and continuous support for the integration of the system development life cycle throughout IA. Assist the OIMT by providing recommendations concerning new and existing projects and assist project managers with security oversight. Coordinate with representatives and Subject Matter Experts (SMEs) from other Federal Agencies and commercial organizations to maintain awareness of upcoming changes to regulations and technologies. Develop Risk Assessments in accordance with NIST guidance, and deliver risk analysis and guidance as needed to the Associate Chief Information Officer (ACIO) leadership.
6+ years of experience directing projects or in a relevant technical engineer role. Bachelor’s degree in a related field. Must be CISSP certified. Direct experience developing IT security policies, architectures, and standard operating procedures with a strategic perspective. Extensive knowledge of and practical experience with implementing standard methodologies used in the Risk Management Framework (RMF) process. Expert-level knowledge of and experience with National Institute of Standards and Technology (NIST) guidelines and industry best practices for: Risk Assessment and Management, Vulnerability Analysis, Contingency Planning, Disaster Recovery, Configuration Management, Security Assessments and developing Mitigation Plans. Must have a minimum of 4 years of direct full-time experience conducting security assessments and developing all deliverables within a system authorization package. Must have detailed and extensive experience with implementing, evaluating and documenting all technical, management, and operational security controls as defined by NIST SP 800-53. Must be a US citizen.
Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.