Capture and refine information security requirements and ensure that the requirements are effectively integrated into information technology component products and information systems through purposeful security architecting, design, development, and configuration. Function as an integral part of the development team to include designing and developing organizational information systems or upgrading legacy systems. Employ best practices when implementing security controls within an information system including; software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques. Coordinate security-related activities with information security architects, senior information security officers, information system owners, common control providers, and information system security officers. Support RMF activities including: select security controls; apply overlays and tailor; and implement control solutions consistent with DoD Component Cybersecurityarchitectures. Support stakeholders on the following: Common Control Identification; document security controls implementation in the security plan; develop and approve Security Assessment plan; conduct initial remediation actions; assess selected controls annually; conduct needed remediation; and updatesecurity plan, SAR and POA&M.
5+ years experience with cybersecurity, information assurance, and certification and accreditation. Bachelor’s degree in a related field. Must be Security+ certified and hold a computing environment certification in accordance with DoD 8570 requirements. Experience in the development of both common user and special purpose command and control/information systems with increasing responsibilities in the scope and magnitude of the systems for which solutions have been implemented. Understanding of security policy advocated by the U.S. Government including Department of Defense and appropriate civil agencies, e.g., NIST. Must be a US Citizen and hold a current Secret clearance.