Enterprise Solutions Realized has an immediate need for an experienced Senior IT Security Engineer to provide expert consultative support to a functional technical area of a project. Essential Job Functions: Identify risks to the production environment associated with the system additions, changes or modifications.Document the organization's current business process flows.Identify and document functional requirements for information systems.Develop project documentation and user training materials according to program specifications.Support design, creation, and development of security systems, policies, and designs.Conduct user training sessions.Conduct Risk Management Framework Steps: 1. Categorize Information System: Assist the BEP in planning, documenting, and implementing an efficient and effective SA&A process using automated BEP's SA&A tool.Recommend and documenting process tailoring to provide assessment that are appropriate to the system type (major or minor) and security impact, maximizing use of common controls, standardization, and other methods to achieve this goal. Support the assessment software request by BEP end users that may not constitute a system using BEP's established Desktop Application Checklist (DAC) process.2. Select Security Controls: Prepare plans to assess the management, operational, and technical security controls in the information system using methods listed in the NIST SP 800-53A and additional assessment methods and procedures as required utilizing the SA&A tool when appropriate. Plans shall include evaluation of contingency plans, configuration management plans, security configuration checklists, and interconnection security agreements for compliance with NIST, Department of the Treasure, and BEP guidance.3. Implement Security Controls: Document the security control implementation, as appropriate, in the security plan, providing a functional description of the control implementation (including planned inputs, expected behavior, and expected outputs).4. Assess Security Controls: Conduct formal assessment, in accordance with NIST guidance and BEP policy and procedures, of management and operational and technical security controls.5. Authorize Information System: Work with system owners or their designee to mitigate POA&M items prior to submission of the completed SA&A package.6. Monitoring Security Controls: Perform stop gap analysis to ensure BEP system documentation is up to date in the SA&A tool and any other reporting repositories. In addition to the RMF steps, the ideal candidate will also perform the following duties:-Security Assessment and Authorization (SA&A)-Continuous Monitoring and Event Management-Audit and Compliance Program Support-IT Security Operation Support-Computer Security Incident Response Capability (CSIRC)-Continuous Diagnostics and Mitigations (CDM)-Privacy Program Required Skills:Due to the sensitivity of customer related requirements, US Citizenship is required. Bachelor's degree in related field is required.Must have a minimum of 5 years in a lead role in cybersecurity and/or information assurance.Must have a minimum of 5 years of experience in Big Fix, Splunk, ForeScout, RES, or similar SIEM tools.Must have an active DoD Secret clearance.Must have an active CISSP or CISM certification, this is a requirement.Must have experience with independent assessment overview of the implementation of the policy and procedures associated with the enterprise system software security on Windows and UNIX/Linux servers, and the analysis of security vulnerabilities identifying recommendations for the remedy of the particular environment.Must have experience in evaluating and implementing NIST/FISMA compliant policies, standards and guidelines covering data security, disaster recovery, continuity of operations, and contingency planning.Demonstrated leadership experience in projects of similar size and complexity.Commitment to excellence and high standards.Excellent written and oral communication skills.Strong organization, problem-solving, and analytical skills.Versatility, flexibility, and a willingness to work within constantly changing priorities with enthusiasm.Demonstrated ability to plan and organize projects.Ability to work on complex projects with minimal direction and guidance.Proven ability to handle multiple projects and meet deadlines.Professional knowledge and experience with all standards and tools for Internet and web-related content delivery. Deliverables:Provide a POA&M report which documents all outstanding weaknesses, responsible parties and associated parties and associated dates of completion. Prepare Security Assessment Report (SAR) documenting the results of the system security assessment review; an analysis of the results; recommendations for correcting deficiencies in security controls; and reducing or eliminating vulnerabilities.