Information System Security Engineer

Markon

$150K — $180K *
Aerospace & Defense
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Active TS/SCI clearance with Counter Intelligence Poly (highly preferred)
  • Bachelor's degree in a relevant technical field
  • Minimum three years of ISSE or related cybersecurity experience
  • Current IAM Level II certification or equivalent
  • Experience across the system development lifecycle for cybersecurity activities
  • Knowledge of RMF, NIST cybersecurity guidance, and A&A processes
  • Understanding of cybersecurity principles and secure design practices

Responsibilities

  • Perform ISSE activities aligned with NIST SP 800-160 and cybersecurity directives.
  • Capture, document, and integrate information protection requirements into development efforts.
  • Assess cybersecurity risks and provide risk-based recommendations.
  • Support RMF activities including control implementation and continuous monitoring.
  • Develop and maintain cybersecurity documentation for RMF and A&A activities.
  • Evaluate system changes and technology for cybersecurity impacts.
  • Analyze architectures to identify security requirements and recommend protections.

Benefits

  • Opportunities for professional development and certification support
  • Collaborative work environment with cross-functional teams
  • Participation in cybersecurity reviews and Integrated Product Teams (IPTs)
  • Access to cutting-edge technologies and methods in cybersecurity
  • Potential for involvement in national security projects

Full Job Description

Description

Markon is building a talent pool of Information System Security Engineers (ISSEs) to support our IC client from Chantilly, VA. The ideal candidate will have in-depth knowledge and experience with secure systems engineering, firewall administration, NIST/FISMA/RMF standards, and

Responsibilities

  • Perform Information System Security Engineering (ISSE) activities throughout the system development lifecycle in accordance with NIST SP 800-160, NRO RMF requirements, and applicable cybersecurity directives.
  • Capture, refine, and document information protection requirements and ensure their integration into system acquisitions, engineering activities, and development efforts.
  • Integrate security functional requirements into acquisition lifecycle phases, program milestones, engineering documentation, and system development processes.
  • Assess cybersecurity risks, identify mitigation strategies, evaluate residual risk, and provide risk-based recommendations to stakeholders.
  • Support Risk Management Framework (RMF) activities, including system categorization, control implementation, assessment support, authorization support, and continuous monitoring activities.
  • Develop and maintain cybersecurity documentation supporting RMF and Assessment & Authorization (A&A) activities, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), risk assessments, and related artifacts.
  • Evaluate proposed system changes, technology integrations, and engineering solutions to determine cybersecurity impacts and recommend appropriate security requirements.
  • Support the design, development, implementation, integration, and sustainment of secure information systems and information assurance architectures.
  • Analyze system and network architectures to identify security requirements and recommend protections that support confidentiality, integrity, availability, authentication, and non-repudiation.
  • Recommend security architectures and engineering solutions that align with mission objectives, performance requirements, and cybersecurity best practices.
  • Conduct technical assessments to identify vulnerabilities, threats, and risks affecting enterprise, cloud, network, and mission systems.
  • Support vulnerability management activities, including vulnerability analysis, remediation planning, risk evaluation, and implementation of corrective actions.
  • Assess and recommend security controls, common controls, and compensating controls to address identified security requirements and risks.
  • Support the integration and implementation of Cross Domain Solutions (CDS) and coordinate with relevant stakeholders to ensure compliance with organizational processes and authorization requirements.
  • Apply Information Assurance (IA) and cybersecurity principles in support of enterprise IT systems, communications systems, cloud environments, and mission networks.
  • Support configuration management activities to maintain the security posture of hardware, software, operating systems, applications, and infrastructure components.
  • Participate in system testing, integration testing, security validation activities, and engineering reviews to verify security requirements have been properly implemented.
  • Collaborate with system engineers, program managers, security control assessors, authorizing officials, and other stakeholders to support system authorization and cybersecurity objectives.
  • Research emerging cybersecurity threats, vulnerabilities, technologies, and countermeasures and provide recommendations to improve system security and resiliency.
  • Participate in Integrated Product Teams (IPTs), engineering working groups, cybersecurity reviews, and technical forums to support mission and program objectives.
  • Support resilient system design and cybersecurity best practices that enable systems to operate through disruption, degradation, or hostile activity.

Qualifications

Minimum Qualifications:

  • An active TS/SCI with a Counter Intelligence Poly (highly preferred by this client).
  • Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, Information Systems, Computer Engineering, or a related technical field.
  • Minimum of three (3) years of experience supporting Information System Security Engineering (ISSE), cybersecurity engineering, information assurance, risk management, or related cybersecurity disciplines.
  • Current Information Assurance Management (IAM) Level II or equivalent qualifying certification in accordance with contract requirements.
  • Experience supporting cybersecurity activities throughout the system development lifecycle.
  • Knowledge of Risk Management Framework (RMF), NIST cybersecurity guidance, and Assessment & Authorization (A&A) processes.
  • Knowledge of cybersecurity principles, information assurance concepts, systems security engineering methodologies, and secure system design practices.
  • Experience evaluating security requirements, implementing security controls, and supporting cybersecurity compliance efforts.

Desired Qualifications:

  • Knowledge of ICD 503 and Intelligence Community authorization processes.
  • Experience supporting NRO, Intelligence Community, Department of Defense, or National Security systems.
  • Experience developing RMF authorization packages and supporting Authority to Operate (ATO) efforts.
  • Experience supporting cloud security, virtualization technologies, or enterprise infrastructure environments.
  • Experience supporting Windows, Linux, Unix, and macOS operating environments.
  • Experience integrating Commercial Off-The-Shelf (COTS) and Government Off-The-Shelf (GOTS) technologies.
  • Experience supporting Cross Domain Solutions (CDS), ICS/SCADA systems, or space system cybersecurity activities.

Salary Range

USD $150,000.00 - USD $180,000.00 /Yr.

The Markon pay range for this position is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
