Information Security Engineer

Summary:

Goldbelt Inc. is seeking a highly skilled and motivated Information Security Engineer to join our IT Security team. The successful candidate will play a critical role in safeguarding our organizations information assets designing robust security systems and ensuring compliance with industry best practices and regulations. This role involves a mix of strategic planning handson implementation and ongoing management of security measures to protect our data and infrastructure.

This is a hybrid position that requires working in the Herndon VA office two days per week.

Necessary Skills and Knowledge:

• Strong understanding of security controls specifically NIST
• Documentation and generation of compliance artifacts
• Implementation of Identity Management and Conditional Access Policies
• Design and implementation of SIEM preferably Microsoft Sentinel
• Strong understanding of Cyber Attack methods and preventative measures
• Indepth knowledge of mail flow (Exchange)
• Penetration testing of applications and infrastructure
• Understanding Business Challenges and the impact of implementing security policies
• Ability to embrace change learn quickly and thrive in a dynamic corporate environment
  
• Skill in working harmoniously within crossfunctional teams to achieve common objectives
  
• Ability to prioritize tasks manage multiple projects and meet deadlines
  
• Possesses attention to detail and effective problemsolving skills
  
• Must have the ability to communicate effectively and diplomatically both verbally and in writing with coworkers and with outside agencies partners shareholders and business associates
  
• Strong cultural awareness and sensitivity with the ability to adapt messages and strategies for diverse audiences
  
• Basic understanding of relevant software tools and systems used in the corporate environment. This includes a proficiency in standard software applications including Windows and MS Office Suite (Outlook Word PowerPoint and Excel)

Minimum Qualifications:

• Bachelors degree in computer science cyber security or a related discipline or equivalent experience
• Certified Information Systems Security Professional (CISSP)
• Minimum 4 5 years of experience in information security engineering or a related role
• Experience with security frameworks and standards
• Ability to travel up to 25
• Ability to successfully pass a background check
• Experience developing implementing and enforcing applicable security frameworks and standards including NIST 800171 ISO/IEC 20000/27001 and CMMC security controls
• Must Possess a strong understanding of security controls specifically NIST
• Experience developing and maintaining comprehensive System Security Plans (SSPs) and Plan of Action & Milestones (POA&M) to track and address security vulnerabilities and compliance issues

Preferred Qualifications:

• Certified CMMC Professional (CCP)
• Certified CMMC Assessor (CCA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Ethical Hacker (CEH)
• Previous experience working with Alaska Native Corporations (ANCs) and/or previous exposure to Alaska Native cultures
• Previous government contracting experience
• Certified CMMC Registered Practitioner (RP)

Pay and Benefits

The salary range for this position is $113000 to $140000 annually.

At Goldbelt we value and reward our teams dedication and hard work. We provide a competitive base salary commensurate with your qualifications and experience. Our annual incentive compensation plan is designed to reward your contributions to Goldbelts success. Its a profitsharing initiative tied to our strategic objectives demonstrating that your efforts directly impact our achievements. As an employee youll also enjoy a comprehensive benefits package including medical dental and vision insurance a 401(k) plan with company matching taxdeferred savings options supplementary benefits paid time off and professional development opportunities.

Essential Job Functions:

• Design implement and maintain security systems including firewalls intrusion detection/prevention systems and endpoint protection
• Develop and deploy network security measures such as VPNs encryption and secure access solutions
• Conduct regular vulnerability assessments and penetration testing to identify security risks
• Develop and implement strategies to mitigate identified vulnerabilities and ensure timely patch management
• Assist in investigations and response to security incidents including forensic analysis reporting and remediation efforts
• Assist in developing and maintaining incident response plans and procedures
• Assist in ensuring compliance with relevant laws regulations and standards (NIST GDPR HIPAA PCIDSS)
• Conduct regular risk assessments and audits to evaluate the effectiveness of security measures
• Develop and maintain comprehensive System Security Plans (SSPs) and Plan of Action & Milestones (POA&M) to track and address security vulnerabilities and compliance issues
• Develop implement and enforce applicable security frameworks and standards including NIST 800171 ISO/IEC 20000/27001 and CMMC security controls
• Participate in the development and review of information system security policy and standards
• Support the development and maintenance of system asset lists hardware and software baselines
• Provide detailed securityrelated reports including data analyses and conclusions upon completion of tests scans and assessments
• Verify and document the implementation of security controls necessary to achieve compliance
• Keep management apprised of impending areas of concern verbally and in writing
• Assist in developing various policy documents (SOPs/CONOPs) as required including policies regarding Configuration Management IS Sanitization Media Security Password Policy Business Continuity Incident Response Disaster Recovery and Security Assessments
• Assist in maintaining and maturing existing information security and risk policies
• Initiate and lead ongoing information security maturity assessment processes and training
• Identify and report on key performance indicators for implemented security measures
• Maintain knowledge of the threat landscape by monitoring threat intelligence sources
• Develop implement and enforce security policies procedures and protocols
• Provide training and awareness programs to educate staff on security best practices and protocols
• Review logs of network traffic and system activity for signs of potential security breaches
• Analyze security logs and reports to identify trends anomalies and areas for improvement
• Work closely with IT operations to integrate security into system and software development processes
• Communicate security issues and recommendations to stakeholders including Executives IT staff and endusers