Senior Security Engineer - Cloud, NIST & FedRAMP

Job Description We are seeking a highly skilled Security Engineer to join our team, specializing in implementing secure and resilient infrastructural modifications and advanced IT security enhancements. In this role, you will manage ITIL-based configuration and change management framework, ensuring alignment with NIST SP 800-128 guidelines. Your responsibilities will include overseeing the deployment and maintenance of both cloud-based and on-premises infrastructure, utilizing next-generation cybersecurity strategies to optimize performance and security. If you possess these skills and are passionate about maintaining high security and compliance standards through innovative IT solutions, we encourage you to apply now. Responsibilities Design and implement secure infrastructural modifications, leveraging expert technical and systems engineering consultancy. Develop and manage a forward-thinking configuration and change management framework aligned with NIST SP 800-128 guidelines, utilizing automation and predictive analytics. Deploy and maintain a diverse array of computing and communication technologies, ensuring compliance with NIST standards. Strategically adhere to the Risk Management Framework to achieve Security Authorization objectives, enhancing institutional resilience. Provide primary support for critical network and security functions, including firewall management, IP address allocation, and incident response. Develop and maintain detailed documentation and testing protocols for cloud-based and on-premises server setups and configurations. Employ a detailed change management process aligned with NIH Configuration Management Plan, ensuring thorough review and security impact analysis. Optimize endpoint security using tools like HCL BigFix for real-time patch deployment and vulnerability management. Implement automation for security certificate processes and other security-related tasks to enhance efficiency and compliance. Implement AI-driven tools for proactive server and endpoint monitoring, enhancing security posture. Partner with security personnel for annual Contingency Plan and Incident Response testing, ensuring readiness and compliance. Produce comprehensive security reports and documentation for systems and software lifecycle phases, adhering to federal standards and guidelines. Implement Information Security Continuous Monitoring (ISCM) and mitigate identified security risks throughout the lifecycle. Maintain security requirements for cloud services, ensuring FedRAMP compliance, data jurisdiction, and interconnection agreements. Provide detailed documentation to support Security Assessment and Authorization (A&A) processes, including System Security Plans (SSP) and Security Assessment Reports (SAR). Support security remediation activities off hours as required Qualifications A bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field is often required. Some positions may prefer or require a master’s degree for senior roles. 6+ years of experience in information security or related IT field. Endpoint monitoring using BigFix. Relevant certifications demonstrate expertise and commitment to the field including CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CompTIA Security+, or CCSP (Certified Cloud Security Professional). Effective communication skills, both written and verbal, are crucial for documenting processes, explaining technical concepts to non-technical stakeholders, and collaborating with cross-functional teams. Analytical thinking, problem-solving abilities, attention to detail, and the ability to work under pressure are also important traits. Understanding of regulatory compliance requirements (such as HIPAA) and industry standards (ISO 27001, NIST frameworks) is beneficial. Experience with IBM BigFix manage and secure endpoints inclusing virtual, cloud and on prem devices Preferred Federal Consulting Industry Experience Preferred Perks of working at NetImpact Strategies Your health comes first – we offer comprehensive medical, dental, & vision insurance that starts the first of the month after you join the team Invest in your future – 401(k) Plan – Immediately vested employer contributions; no matching required Work hard, play hard – we offer a generous Paid Time Off (PTO) policy, one (1) additional day of paid wellness leave per calendar year, and observeten (10) federal holidays Pawsitively pawesome – Pet Insurance (because our little critters are part of our families, too!) Invest in your education – Tuition reimbursement, internal training programs, & company-sponsored industry certifications! Be part of a dynamic and collaborative work environment recently ranked by The Washington Post as a Top Work Place in 2019, 2021,2022, 2023, & 2024! Have fun and celebrate and give back – Team building activities, community volunteering, quarterly HQ days, wellness events, happy hours, family fun events, and more! About Us NetImpact Strategies Inc. (NetImpact) has been a Trusted Advisor driving impact through digital transformation for the Federal Government for over a decade. We solve complex problems with innovation and agility to create meaningful, transformative, and enduring change. As Trusted Advisors, NetImpact professionals partner with customer agencies to deliver solutions that empower them to not only meet their missions but also realize their strategic vision through agile, outcome-focused solutions addressing both strategic and tactical requirements. We design and implement comprehensive, tailored solutions that are both mindful of the client’s culture and organizational dynamics. NetImpact’s core values and commitment to a customer and results-oriented delivery approach has propelled our growth and enabled us to deliver impactful value across Strategic Consulting, Process Automation, Cloud, DevSecOps, Data and Analytics, and Cyber Security for the Federal Government. Accessibility Note NetImpact Strategies is committed to complying with all applicable provisions of the Americans with Disabilities Act, as amended (“ADA”), and applicable state and local laws. It is NetImpact’s policy not to discriminate against any qualified person or applicant with regard to any terms or conditions of employment on the basis of such individual’s disability. Consistent with this policy of non-discrimination, NetImpact will provide reasonable accommodations to an individual with a disability, as defined in the ADA or applicable law, who has made NetImpact aware of his/her disability, unless doing so would cause undue hardship to NetImpact. If you are an applicant and need reasonable accommodation when applying for job opportunities within NetImpact, or request reasonable accommodation to utilize NetImpact’s online employment application, please View email address on click.appcast.io. #J-18808-Ljbffr NetImpact Strategies