Peyton Resource Group
Federal Information Security Engineer – FISMA, GRC, NIST; Public Trust (Hybrid)
Peyton Resource Group, Bethesda, Maryland, us, 20811
Base pay: $145,000.00/yr - $155,000.00/yr
Director, Recruiting at Peyton Resource Group
6 month Contract-to-Hire
Contract Rate: $60-67/hr on W2
Salary Conversion: $145-155K, DOE
Location: Bethesda, MD
Hybrid; 3 days/week onsite work is required
Must be a US Citizen or Green Card/Permanent Resident
Ability to obtain a Public Trust Clearance is required
Immediate need for a FISMA Information Security Engineer to bridge the gap between technical security controls and federal compliance requirements.
This position involves both security engineering and governance, risk, and compliance (GRC) activities, primarily centered around the Federal Information Security Modernization Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).
FISMA/NIST Compliance & Documentation, Auditing & Reporting
Implement and Monitor Controls: Implement, document, and monitor security controls in accordance with NIST SP 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations).
Assessment & Authorization (A&A) Support: Support the Authorization process, including contributing to security assessments, control validation, and evidence gathering to achieve and maintain an Authority to Operate (ATO).
System Security Plan (SSP) Management: Assist in the development, maintenance, and update of System Security Plans (SSPs), including continuous monitoring strategies and Plans of Action and Milestones (POA&Ms).
Audit Support: Coordinate and support Internal & External Security Audits (e.g., Office of Inspector General (OIG), independent assessors).
Reporting: Generate reports on security control compliance, vulnerability posture, and POA&M status for stakeholders and the Authorizing Official (AO).
Security Engineering & Operations
Control Implementation: Consult on the configuration and management of security tools and systems (e.g., SIEM, vulnerability scanners, intrusion detection/prevention systems) to effectively enforce NIST 800-53 controls.
Vulnerability Management: Analyze results, prioritize remediation efforts based on risk to the system's security categorization (e.g., FIPS 199), and track POA&M completion.
Incident Response: Participate in security incident response planning and testing activities, ensuring all incidents are documented and handled in compliance with federal reporting requirements.
Change Management: Review system and network change requests to ensure security implications are addressed and maintain the security posture of authorized systems.
Qualifications
Bachelor's degree in Computer Science, Information Technology, or a related field.
Relevant security certifications.
3-5+ years of progressive, hands‑on experience in Federal IT Security Engineering.
2-4+ years of experience focusing on federal compliance (FISMA, NIST RMF).