What You’ll Get to Do:
You will perform Information System Security Engineering support for various information systems throughout the system development lifecycle. You will have the opportunity to assist in system hardening, prepare comprehensive assessment testing procedures, system scanning, documentation, and support the engineering team by providing direct input on the information system design in order to obtain a successful Authorization to Operate.
More About the Role:
- Execution of the Assessment & Authorization (A&A) process in accordance with government requirements (e.g. ICD-503).
- Ensure that accreditation data is maintained within customer databases (e.g. Xacta).
- Conduct research in multiple areas, to include emerging technologies, vulnerability information, system hardening (e.g. STIGs), operating systems, application software and security tools.
- Prepare comprehensive security assessment testing documentation to validate applied security controls in support of Assessment and Authorization (A&A) testing.
- Provide technical guidance focused on information security architecture.
- Generate security accreditation artifacts, including but not limited to the Security Requirements Traceability Matrix, Security Plans, Certification Test Plans, and Continuous Monitoring Plans.
- Track and fulfill liens associated with A&A activities as documented in the Plan of Actions and Milestones.
- Perform vulnerability assessments using standardized tools (Nessus, DISA STIGs) and configuration updates as required to comply with security requirements.
- Perform hardening of operating systems, COTS products and open-source products as required to support compliance with security requirements.
- Provide technical engineering services for the support of integrated security systems and solutions.
- Assesses and mitigates system security threats, risks and vulnerabilities throughout the program life cycle. Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system operations.
- Participates as a member of a security engineering team that designs, develops, implements, evaluates and/or integrates security architectures, systems or system components.
- Support and interact with customers in the enforcement of the design of security throughout the system life cycle.
- Apply knowledge of IA policies and procedures disseminated by the customer's organization.
You’ll Bring These Qualifications:
- An active TS/SCI clearance is required.
- Must have a current certification compliant with DoD 8570 IAM or IAT level 3 OR obtain certification within 6 months of hire and maintain certification throughout employment.
- Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline. Three (3) years of ISSE experience may be substituted for a bachelor’s degree.
- Knowledge and experience in information systems security
- Knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation.
- Ability to develop best practices for processes and standards that will better the system.
- Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).
- Knowledge of security system design tools, methods, and techniques.
- Knowledge of relevant laws, policies, procedures, or governance as they relate to work that may impact critical infrastructure.
- Knowledge of TCP/IP networking technologies, Linux account administration, Linux folder permissions, Patch Management best practices on Operating Systems and applications, known vulnerabilities associated with Windows and Linux platforms.
- Knowledge of virtualization technologies (e.g. VMware, Docker)
- Knowledge of OSI model and how specific devices and protocols interoperate, including knowledge of protocols, and services for common network traffic
- Knowledge of DoD/IC system security control requirements
- Knowledge and experience with XACTA
- Knowledge of continuous monitoring practices.
- Knowledge of DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and security controls assessment criteria/procedures
- Excellent communication and interpersonal skills required.
- Must be able to efficiently manage time and workload.
- Ability to support a flexible schedule and work in a dynamic, real-time environment with rapidly changing priorities required.
These Qualifications Would be Nice to Have:
- Experience with ICD 503 and working knowledge of Risk Management Framework as outlined in NIST SP 800-37.
- Working knowledge of information system security controls and how to assess their effectiveness per NIST SP 800-53 and NIST SP 800-53A.
- Knowledgeable in continuous monitoring processes as outlined in NIST SP 800-137 appropriate for systems, leveraging existing tools, efforts, and incorporating new automation techniques.
- Knowledgeable in information system vulnerability analysis and management.
- Working knowledge of IT including but not limited to network subnetting.
- Experienced in system testing methodologies that include: Penetration testing, Configuration analysis, Security best practices validation
- Experienced in security testing and penetration tools that include: Backtrack, Assured Compliance Assessment Solution (ACAS), Wireshark, Retina, Tripwire
- Knowledgeable in cyber incident handling.
- Experienced in using the XACTA application.
- Proficient in the use of Microsoft Application tools (i.e. Excel and PowerPoint).
- Experience within the Intelligence Community