Job Summary:

DDC Dine Source will be supporting the DOI BIA ITSS contract and requires and InfoSec Engineer Level III

The position is dependent on contract award.

Job Duties and Responsibilities:

• Provide recommendations to organizational stakeholders for integrating security processes and ensuring compliance with Federal regulations and Departmental policy.
• Direct security efforts to enhance efficiencies and foster a global security mindset throughout the organization.
• Offer strategic guidance for the ongoing development and enhancement of the security program.
• Develop policies and procedures to support compliance with regulations, directives, and Departmental policies.
• Assist senior management in establishing remediation plans for identified weaknesses and vulnerabilities.
• Offer direct information assurance guidance related to the development and modification of information systems and industrial control systems.
• Provide strategic insight and ongoing support for the integration of the system development life cycle with security considerations.
• Make recommendations regarding new and existing projects and assist project managers in ensuring security oversight.
• Coordinate with representatives and Subject Matter Experts (SME) from other Federal Agencies and commercial organizations to stay informed about upcoming changes in regulations and technologies.
• Develop Risk Assessments following NIST guidance and deliver risk analysis and guidance to organizational leadership as necessary.

Job Requirements (Education/Skills/Experience):

Qualifications:

• Education:
• Bachelor’s Degree and six years relevant experience.
• Master’s Degree and five years relevant experience.
• Eight years relevant experience, Industry-recognized technical certification accepted in lieu of one year of experience.
• Experience:
• Direct experience developing IT security policies, architectures, and standard operating procedures with a strategic perspective.
• Extensive knowledge of and practical experience with implementing standard methodologies used in the Risk Management Framework (RMF) process (Formerly referred to as Certification and Accreditation (C&A)).
• Expert-level knowledge and experience with National Institute of Standards and Technology (NIST) guidelines and industry best practices for:
• Risk Assessment and Management
• Vulnerability Analysis
• Contingency Planning
• Disaster Recovery
• Configuration Management
• Security Assessments and developing Mitigation Plans
• Minimum of 4 years of direct full-time experience conducting security assessments and developing all deliverables within a system authorization package.
• Detailed and extensive experience with implementing, evaluating, and documenting all technical, management, and operational security controls as defined by the NIST SP 800-53 (as amended).
• Functional Responsibility:
• The InfoSec Engineer will provide multi-discipline security administrative and technical security support to the organization. Areas of responsibility include:
• Physical, Computer, Personnel, Information, Administrative, Operational, and Communications Security analysis, assessment, and reporting.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60–1.4(a), 60–300.5(a) and 60–741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.

#LI-DNP