Information Systems Security Engineer (ISSE)

US-VA-Alexandria
3 months ago
Company
Noblis ESI
Requisition #
5504
Reg/Temp
Regular Employee
FT/PT/On-Call
Full Time
Security Clearance
Top Secret/SCI
Job Category
Cyber / Information Security Engineering

Responsibilities

  • Implement Information Assurance (IA) processes, provide guidance, and develop documentation throughout the system development life-cycle.  Draft briefings, timelines, and design reviews for system development in accordance with prevailing IA regulations and policies.
  • Draft and review documentation for all phases of the security authorization process, for Certification and Accreditation (C&A), required for program initiatives to receive Authorization(s) To Operate (ATO)s, Interim ATOs (IATO)s, Interim Authority To Test (IATT), and Certificates of Networthiness (CON) for systems that reside on NSANET, NIPRNET, SIPRNET, and JWICS networks.
  • Evaluate hardware design, operating systems, and software applications proposed for programs to ensure that each adequately addresses IA security requirements and provides confidentiality, integrity, availability, authentication, and non-repudiation.  Ensure system designs properly mitigate identified threats/vulnerabilities and facilitate test and evaluation activities to validate as such.
  • Be knowledgeable in IA policy to include AR 25-2 Information Assurance, DoDI 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP), Director of Central Intelligence Directive (DCID 6/3), USCENTCOM 25-28 process, and DISA Security Technical Implementation Guides (STIG) and shall keep pace with changing policies and mandates.
  • Coordinate with government Information System Security Officer (ISSO) on preparation of the Security Authorization and Information System Continuous Monitoring package
  • Manage Plan of Action and Milestones (POAMs) and identify, analyze, and propose risk mitigation strategies to facilitate efficient risk mitigation and closure
  • Assess and continuously monitor the effectiveness of mitigation strategies
  • Review systems security documentation in order to identify potential security weaknesses, recommend improvements to address vulnerabilities, implement changes and document security relevant changes
  • Provide advice and guidance on the application of FISMA requirements for cloud computing
  • Maintain system asset records in Xacta, to include development of system security controls, development and updates to the System Security Plan (SSP), and creation of a Certification Test Plan (CTP).
  • Perform vulnerability and compliance scanning on a monthly basis.
  • Review vulnerability scan results and facilitate the resolution of all high and medium vulnerabilities in a timely manner.
  • Run and review CIS hardening compliance scans and ensure system compliance with the client's baselines; work with system and database administrators to resolve discrepancies.
  • Assess project issues and develop innovative solutions to meet productivity, quality, and client-satisfaction goals and objectives.
  • Develop mechanisms for monitoring project progress and for intervention and problem solving with project and operations managers and system engineers

Qualifications

Required:

  • Must have and maintain an Active TOP SECRET SCI security clearance
  • Bachelor’s degree in computer science, computer engineering, network security, or equivalent experience, significant domain knowledge and customer intimacy
  • Minimum of 8 years of experience in security engineering, information security, programming or equivalent experience.
  • Experience working with leading firewall, network scanning and intrusion detection products and authentication technologies
  • Experience with tools such as Splunk, Cenzic, Foundstone, Rapid7, Tripwire, Bladelogic (or comparable tools)
  • Experience working with federal regulations related to information security (FISMA, Computer Security Act, etc.)
  • Experience working with NIST Special Publications and A & A process methodology
  • Possess security certifications (CISSP, CCNA, etc.)

Other Requirements:

  • Demonstrated capability and success working in team environments
  • Excellent written and oral communication skills, and proficiency with MS Office applications
  • Must be able to travel CONUS and OCONUS locations as needed

Desired:

  • Master's degree in pertinent field preferred
  • Experience working with internet, web, application and network security techniques
  • Experience working with relevant operating system security (Windows, Solaris, Linux, etc.)
  • Army background is preferred
  • Knowledge of IC functional manager’s organizations, roles and responsibilities within the current customer intelligence community

Location: Fort Belvoir, VA
