Peyton Resource Group
Federal Information Security Engineer (FISMA, GRC, NIST; Public Trust) (Hybrid)
Peyton Resource Group, Bethesda, Maryland, United States, 20811
6 month Contract-to-Hire
Contract Rate: $60-67/hr on W2
Salary Conversion: $145-155K, DOE
Location: Bethesda, MD
Hybrid; 3 days/week onsite work is required
Must be a US Citizen or Green Card/Permanent Resident
Ability to obtain a Public Trust Clearance is required
Technical Environment (preferred): CSAM, Splunk, Tenable, Palo Alto, Checkmarx
Summary: Immediate need for a FISMA Information Security Engineer to bridge the gap between technical security controls and federal compliance requirements. This position involves both security engineering and governance, risk, and compliance (GRC) activities, primarily centered around the Federal Information Security Modernization Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
FISMA/NIST Compliance & Documentation, Auditing & Reporting:
Implement and Monitor Controls: Implement, document, and monitor security controls in accordance with NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations).
Assessment & Authorization (A&A) Support: Support the Authorization process, including contributing to security assessments, control validation, and evidence gathering to achieve and maintain an Authority to Operate (ATO).
System Security Plan (SSP) Management: Assist in the development, maintenance, and update of System Security Plans (SSPs), including continuous monitoring strategies and Plans of Action and Milestones (POA&Ms).
Internal & External Security Audits: Coordinate and support internal and external security audits (e.g., Office of Inspector General (OIG), independent assessors).
Reporting: Generate reports on security control compliance, vulnerability posture, and POA&M status for stakeholders and the Authorizing Official (AO).
Security Engineering & Operations:
Control Implementation: Consult on the configuration and management of security tools and systems (e.g., SIEM, vulnerability scanners, intrusion detection/prevention systems) to effectively enforce NIST 800-53 controls.
Vulnerability Management: Analyze results, prioritize remediation efforts based on risk to the system's security categorization (e.g., FIPS 199), and track POA&M completion.
Incident Response: Participate in security incident response planning and testing activities, ensuring all incidents are documented and handled in compliance with federal reporting requirements.
Change Management: Review system and network change requests to ensure security implications are addressed and maintain the security posture of authorized systems.
Qualifications:
Bachelor's degree in Computer Science, Information Technology, or a related field
Relevant security certifications
3-5+ years of progressive, hands-on experience in Federal IT Security Engineering
2-4+ years of experience focusing on federal compliance (FISMA, NIST RMF)
Technical environment: CSAM, Splunk, Tenable, Palo Alto, Checkmarx
About PRG
With 20+ years of success in the staffing industry, Peyton Resource Group focuses on matching talent to the precise needs of our clients. Your success is our commitment, and we back up that commitment by only recommending opportunities that align with your goals. Our candidate-centric approach ensures you are in the driver's seat of your career, and our team of recruiters will partner with you and support you every step of the way.
PRG's dedication to service has been widely recognized throughout the industry. PRG has been awarded ClearlyRated's Best of Staffing award for 10+ years, as well as the Business Journal's Best Places to Work in Dallas, San Antonio and Austin.