Overview

LMI is a consultancy dedicated to improving the business of government, drawing from deep expertise in advanced analytics, digital services, logistics, and management advisory services. Established as a private, not-for-profit organization in 1961, LMI is a trusted third party to federal civilian and defense agencies, free of commercial and political bias. We believe government can make a difference, and we seek talented, hardworking people who share that conviction.

Position is on the research staff of a government consulting organization and will be based out of Reston, VA. This position provides cyber security engineering support to enable the development and maintenance of application and infrastructure systems.

Responsibilities

• Provide guidance on information security policies, regulations, and technical implementations with a solid understanding of cyber security operations and the Sponsor’s Accreditation and Authorization (A&A) processes.
• Provide analysis of vulnerability results and recommend mitigation plans for security problems.
• Use and evaluate systems with tools such as Splunk, Nexpose, AppDetective, FireEye, Rapid7, NMAP, NIPPER, and WebInspect.
• Understand cloud based infrastructure as a service technologies to include AWS, Azure, and Microsoft Cloud.
• Evaluate systems against NIST 800.53, Risk Management Framework (RMF), FedRAMP and other security standards and publications, as well as the Sponsor’s internal security regulations.
• Assist in the evaluation and analysis of cloud services and tools from a security risk perspective.
• Actively participate in or lead technical exchange meetings and application review boards, to verify and validate systems security controls, while also documenting action items and results of those events.
• Provide briefings on system statuses and mitigation activities as needed.

Qualifications

Required

• Bachelor’s Degree in a quantitative discipline (e.g., related discipline)
• Minimum 6-8 years cyber scanning experience
• Demonstrated experience in understanding, applying, and testing IT systems against NIST 800.53 and Industry Standards.
• Demonstrated experience with standard cyber security policies, guidance, research, evaluation, and development of relevant security policies.
• Demonstrated experience providing vulnerability analysis results and mitigation plans for addressing security problems.
• Demonstrated experience reviewing reports generated by Nexpose, AppDetective, Rapid7, NMAP, NIPPER, WebInspect, and similar scanning tools.
• Demonstrated experience securing and providing risk mitigations for systems and applications using Linux, Windows, Wireless and Virtual Platforms.
• Demonstrated experience with cloud-based infrastructure-as-a-service technologies such as AWS and Azure.
• Demonstrated experience securing and providing risk mitigations for systems and applications in the cloud environment.
• Must possess TS/SCI with polygraph.

Desired

• Demonstrated experience with system configurations, development and design, specifically around enterprise systems.
• Demonstrated experience communicating both verbally and in writing, when responding to emails, telephone calls and/or in person inquiries from organizational personnel.
• Certification:
  • ISACA Certified Information Security Manager (CISM)
  • ISACA Certified Information Systems Auditor (CISA)
  • ISC Certified Information Systems Security Professional (CISSP)
  • ISC Certified Cloud Security Professional (CCSP)
  • ISC Certified Authorization Professional (CAP)