OT Security Engineer; Hybrid​/Remote

Join to apply for the Information Security/Cloud Compliance Analyst (Hybrid/Remote) role at Alluvial Concepts (Macro Pros)

1 day ago Be among the first 25 applicants

Join to apply for the Information Security/Cloud Compliance Analyst (Hybrid/Remote) role at Alluvial Concepts (Macro Pros)

Macro Pros is seeking an Operational Technology (OT) Security Engineer for a long-term engagement (contract or contract-to-hire) supporting a federal agency in Bethesda, MD. The work schedule is Monday on-site in Bethesda (required) with Tuesday through Friday remote.

To apply you must be a US Citizen, currently live in metro Washington, DC, and able to pass a standard background check, and obtain a Public Trust Clearance.

Responsibilities

• Access Controls and assessment experience - dealing with challenges when an assessment of that control and/or ability to remediate a POA&M for that control & assessing or closing out the findings.
• Advising on and helping establish sound information security processes and controls for the project according to federal information security policies, practices, and standard operating procedures (SOP), and engaging with the implementation teams to ensure that the solutions designed, built, deployed, and operated and maintained adhere to the same information security requirements.
• Able to talk through security controls and what it means to the specific type of system.
• Verify that the information security controls implemented by and in connection with the enterprise technology solutions deployed are operated as designed.
• Experience supporting Operational Technology (OT) systems and understanding the differences between IT and OT systems from an A&A perspective.
• The individual will liaise with the assessment and authorization (A&A) team at the client to ensure control requirements are understood and addressed and coordinate responses to A&A assessments in connection with the authority to operate (ATO) for new solutions deployed.
• Experience taking a system that has a cloud component to it and taking it through the ATO process.
• Our client has systems they want to bring on that leverage cloud in different aspects (infrastructure, SaaS, etc.). As a security specialist, you must have experience doing assessments and security documentation.
• Organize and conduct information security control assessments to validate ATO and audit readiness of the project and the enterprise technology solutions to be deployed. They will engage project management, project team leads, and client stakeholders as appropriate in conducting assessments, sharing results, and validating remediation of control weaknesses.
• Information Security Compliance Analyst will provide Cyber Security and Information System Security Management Services to internal and external customers in support of network and information security systems
• Advise on and help establish sound information security processes and controls for the project according to federal information security policies, practices, and standard operating procedures (SOP), and engaging with the implementation teams to ensure that the solutions designed, built, deployed, and operated and maintained adhere to the same information security requirements.
• Verify that the information security controls implemented by and in connection with the enterprise technology solutions deployed are operated as designed.
• Organize and conduct information security control assessments to validate ATO and audit readiness of the project and the enterprise technology solutions to be deployed. They will engage project management, project team leads, and client stakeholders as appropriate in conducting assessments, sharing results, and validating remediation of control weaknesses.
• Assess information system risks and controls and identifying information system control design and operation weaknesses
• Perform process and system evaluations (assessments) to ensure compliance with established policies, processes, procedures, and applicable standards
• Validate security control assessments results
• Perform a variety of technical and administrative activities related to the function of QA (auditing), including, but not limited to, scheduling, checklist development, report writing, facilitating root cause/lessons learned analysis, and internal/external presentations
• Provides assessment and authorization (A&A) management support by guiding the development of all documentation necessary to complete the A&A process to include system security plans, contingency plans, and other associated documentation
• Conducts complex vulnerability assessments to include development of risk mitigation strategies with the customer; adjudicating based on assessing the vulnerabilities, threats, and risk associated with assessment
• Review system configurations and scan tool results to determine system compliance and report results.
• Compile,…