OverviewLMI is a consultancy dedicated to improving the business of government, drawing from deep expertise in advanced analytics, digital services, logistics, and management advisory services. Established as a private, not-for-profit organization in 1961, LMI is a trusted third party to federal civilian and defense agencies, free of commercial and political bias. We believe government can make a difference, and we seek talented, hardworking people who share that conviction.Position is on the research staff of a government consulting organization and will be based out of Reston, VA. This position provides cyber security engineering support to enable the development and maintenance of application and infrastructure systems.ResponsibilitiesProvide guidance on information security policies, regulations, and technical implementations with a solid understanding of cyber security operations and the Sponsors Accreditation and Authorization (A&A) processes.Provide analysis of vulnerability results and recommend mitigation plans for security problems.Use and evaluate systems with tools such as Splunk, Nexpose, AppDetective, FireEye, Rapid7, NMAP, NIPPER, and WebInspect.Understand cloud based infrastructure as a service technologies to include AWS, Azure, and Microsoft Cloud.Evaluate systems against NIST 800.53, Risk Management Framework (RMF), FedRAMP and other security standards and publications, as well as the Sponsors internal security regulations.Assist in the evaluation and analysis of cloud services and tools from a security risk perspective.Actively participate in or lead technical exchange meetings and application review boards, to verify and validate systems security controls, while also documenting action items and results of those events.Provide briefings on system statuses and mitigation activities as needed.QualificationsRequiredBachelors Degree in a quantitative discipline (e.g., related discipline)Minimum 6-8 years cyber scanning experienceDemonstrated experience in understanding, applying, and testing IT systems against NIST 800.53 and Industry Standards.Demonstrated experience with standard cyber security policies, guidance, research, evaluation, and development of relevant security policies.Demonstrated experience providing vulnerability analysis results and mitigation plans for addressing security problems.Demonstrated experience reviewing reports generated by Nexpose, AppDetective, Rapid7, NMAP, NIPPER, WebInspect, and similar scanning tools.Demonstrated experience securing and providing risk mitigations for systems and applications using Linux, Windows, Wireless and Virtual Platforms.Demonstrated experience with cloud-based infrastructure-as-a-service technologies such as AWS and Azure.Demonstrated experience securing and providing risk mitigations for systems and applications in the cloud environment.Must possess TS/SCI with polygraph.DesiredDemonstrated experience with system configurations, development and design, specifically around enterprise systems.Demonstrated experience communicating both verbally and in writing, when responding to emails, telephone calls and/or in person inquiries from organizational personnel.Certification:ISACA Certified Information Security Manager (CISM)ISACA Certified Information Systems Auditor (CISA)ISC Certified Information Systems Security Professional (CISSP)ISC Certified Cloud Security Professional (CCSP)ISC Certified Authorization Professional (CAP)#J-18808-Ljbffr

by Jobble