Information Systems Security Engineer (ISSE)VMA United States citizenship required per government contract. (dual citizenship is not permitted). A completed United States DOD clearance investigation and current, active eligibility is required to perform on this contract, and therefore is required to be considered for a position. Location Washington Navy Yard (Remote to Start) Period of Performance ASAP ndash May 2022 (multi-year contract with options) Summary Main Sail has an immediate opening for an ISSECyber Analyst to support our program with Vulnerability Management and the Risk Management Framework (RMF) process. The ideal candidate has a background in Systems Administration or Systems Engineering extensive knowledge of Navy eMASS has a strong systems security mindset and is very detailed oriented with strong written and oral communication skills. Responsibilities Work closely with the Cybersecurity Compliance Team to support multiple programs through the vulnerability management and Risk Management Framework (RMF) process. Be responsible for maintaining and executing functions which includes, but not limited, to ACAS Fortify Source Code scans analysis, STIG Validation in support of DISA, DoD and DON guidelines and proactive vulnerability detection. Be responsible for composing essential documentation (procedures, compliance and remediation reports, continuous monitoring, etc.), providing analysis and metrics on vulnerabilities, and driving remediation of vulnerabilities throughout the organization to reduce risk. Implement security engineering principles to review security requirements, verify implementation, and provide mitigation recommendations throughout the life cycle to facilitate secure systems for AA and Continuous Monitoring support. Provide input to leadership for enhancing the vulnerability management strategy. Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers and other education opportunities. Contribute to policy development, RMF package accreditations, and training requirements. Assist with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied. Qualifications 3+ Years of Information Security Experience, working with vulnerability management tools Demonstrated knowledge of Systems AdministrationEngineering with proficiency in analyzing systems designs with a systems security mindset Strong knowledge of threats and vulnerabilities associated with cloud and on-premise network security and Computer Network Defense Demonstrated ability to work effectively in an ambiguous environment Strong oral and written communications skills Strong analytical and problem-solving skills and proactive thinking skills High-level familiarity with Vulnerability Management tools such as ACAS, SCAP, STIG Viewer, Vulnerator and Fortify Basic to Moderate familiarity with Cybersecurity tools such as Splunk, HBSS and Solarwinds is a plus Moderate to high-level familiarity with RMF input and validation tools such as eMASS Well versed in the fundamentals of software testing. This includes a demonstrated ability to define and execute a strategy based on system requirements, development goals, and timelines Experienced in conducting and managing functional, integration, usability, loadstress, and performance testing Basic level familiarity with DoD, DON, and other Cyber Security Regulatory Compliance bodies Understanding of how to classify and prioritize the risk of new vulnerabilities based on the operating environment Ability to develop and maintain metrics and reports on vulnerability findings and remediation compliance Ability to facilitate proactive remediation or mitigation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impactapplicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted programs Sense of urgency to address new technologies being deployed Continuous development of infrastructure and cloud vulnerability expertise to function as subject matter expert in multiple technical or business disciplines Sec+ CE certification Erin Gatewood Main Sail, LLC