The Lead Information Security Engineer is a member of the Government Services Information Security team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with corporate and/or government policy, standards, procedures and industry best practices. The Lead works with developers, engineers, administrators and system owners to ensure the systems comply with applicable government policies (FEDRAMP, ICD, CNSSI, NIST, DOD, etc.). This is done by employing well-defined security policy models; structured, disciplined, and rigorous hardware and software development (and testing and certification) techniques; and sound system/security engineering principles. Assurance is also based on the assessment of evidence produced during the initiation, acquisition/development, implementation, and operations/maintenance phases of the SDLC (Software Development Life Cycle).
- Perform as the ISSO (Information Systems Security Officer) for Federal systems.
- Develop, implement, review and evaluate System Security Plans, Interconnection Security Agreements, Risk Assessments, Plans of Action and Milestones (POAM), System Requirements Traceability Matrices (SRTM), Security Assessment Reports, Contingency Plans, as well as other required documentation to satisfy Certification and Accreditation (C&A)/Assessment and Authorization (A&A) requirements in accordance with government policies and procedures.
- Achieve and maintain ATO (Authority To Operate), as required.
- Write BC (Business Continuity)/DR (Disaster Recovery)/CP (Contingency Plan)/COOP (Continuity of Operations) plans, test plans, and test reports for federal systems.
- Manage Information Security Audits by federal departments/agencies, including third-party auditors.
- Experience with security tools (Nessus, HBSS, ACAS, dbProtect, AppScan or similar). Perform scans, review the results, and write necessary reports and plans.
- Conduct periodic reviews to ensure compliance with established policies and procedures, ensuring all software, hardware and firmware changes are recorded as required by established configuration management procedures.
- Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures.
- Perform IS security briefings; report all security incidents to the ISSM (Information Systems Security Manager); investigate, document and report such incidents; and provide protective and corrective measures in response to them.
- Coordinate and participate in special projects concerning information security, including testing and implementation of security software enhancements.
- Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies.
- Maintain a broad knowledge of technology, equipment and/or systems, including the configuration, maintenance, analysis and use of computer forensics tools, steganography and metadata tools, audit reduction tools, firewalls, various operating systems, and phone switches.
- Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements.
- 8+ years of relevant experience with C&A / A&A.
- Undergraduate degree in Computer Science, Engineering, or a related field, or equivalent experience.
- Applicable professional/technical certifications (such as CISSP, CISM or GSLC) should be in place, or the candidate must be willing to pursue them.
- Hands on experience using and/or processing reports from vulnerability and security assessment tools (NESSUS, HBSS, ACAS, etc.).
- Must possess broad technical knowledge to understand and verify proper security implementation.
- Excellent oral and written communication skills and experience in presenting security issues to all levels of management, as well as non-technical staff.
- Self-starter with strong self-management skills, with an ability to organize and manage multiple priorities.
- Ability to apply professional judgment in critical thinking and problem solving.
- Team-oriented.
- Active TS or TS/SCI with current SSBI Security Clearance is required.
- Knowledge of varying Information Assurance security policies and procedures (ICD 503, CNSSI 1253, RMF, NIST 800-53 rev3/4, FEDRAMP, DISA SRG).
Bachelor's or equivalent in Computer Science or Engineering General