Cyber Security Engineering (SME) - TS/SCI with Polygraph Required
Full Time
Overview
LMI is a consultancy dedicated to improving the business of government, drawing from deep expertise in advanced analytics, digital services, logistics, and management advisory services. Established as a private, not-for-profit organization in 1961, LMI is a trusted third party to federal civilian and defense agencies, free of commercial and political bias. We believe government can make a difference, and we seek talented, hardworking people who share that conviction.
Position is on the research staff of a government consulting organization and will be based out of Reston, VA. This position provides cyber security engineering support to enable the development and maintenance of application and infrastructure systems.
Responsibilities
- Provide guidance on information security policies, regulations, and technical implementations with a solid understanding of cyber security operations and the Sponsor’s Accreditation and Authorization (A&A) processes.
- Provide analysis of vulnerability results and recommend mitigation plans for security problems.
- Use and evaluate systems with tools such as Splunk, Nexpose, AppDetective, FireEye, Rapid7, NMAP, NIPPER, and WebInspect.
- Understand cloud-based infrastructure-as-a-service technologies, including AWS, Azure, and Microsoft Cloud.
- Evaluate systems against NIST 800-53, Risk Management Framework (RMF), FedRAMP, and other security standards and publications, as well as the Sponsor’s internal security regulations.
- Assist in the evaluation and analysis of cloud services and tools from a security risk perspective.
- Actively participate in or lead technical exchange meetings and application review boards to verify and validate systems security controls, while also documenting action items and results of those events.
- Provide briefings on system statuses and mitigation activities as needed.
Qualifications
Required
- Bachelor’s Degree in a quantitative discipline (e.g., related discipline)
- Minimum 6-8 years cyber scanning experience
- Demonstrated experience in understanding, applying, and testing IT systems against NIST 800-53 and industry standards.
- Demonstrated experience with standard cyber security policies, guidance, research, evaluation, and development of relevant security policies.
- Demonstrated experience providing vulnerability analysis results and mitigation plans for addressing security problems.
- Demonstrated experience reviewing reports generated by Nexpose, AppDetective, Rapid7, NMAP, NIPPER, WebInspect, and similar scanning tools.
- Demonstrated experience securing and providing risk mitigations for systems and applications using Linux, Windows, Wireless and Virtual Platforms.
- Demonstrated experience with cloud-based infrastructure-as-a-service technologies such as AWS and Azure.
- Demonstrated experience securing and providing risk mitigations for systems and applications in the cloud environment.
- Must possess TS/SCI with polygraph.
Desired
- Demonstrated experience with system configurations, development and design, specifically around enterprise systems.
- Demonstrated experience communicating both verbally and in writing when responding to emails, telephone calls, and/or in-person inquiries from organizational personnel.
- Certification:
  - ISACA Certified Information Security Manager (CISM)
  - ISACA Certified Information Systems Auditor (CISA)
  - ISC Certified Information Systems Security Professional (CISSP)
  - ISC Certified Cloud Security Professional (CCSP)
  - ISC Certified Authorization Professional (CAP)