Information Security Specialist, Sr.

1 day left

Location
Aberdeen Proving Grounds, Maryland
Posted
Jul 07, 2022
Closes
Aug 11, 2022
Ref
22252
Function
Administrative
Hours
Full Time
Summary

The Information Systems Security Engineer, Sr. will provide the support task requirements for Cybersecurity System Engineering Support, Cybersecurity Network Domain Certification and Accreditation Support, and Cross Domain Solution (CDS) Assessment and Authorization (A&A) Support. The Information Systems Security Engineer, Sr. will perform the tasks in coordination with government personnel to provide the cybersecurity support services and solutions necessary to build, integrate, enhance, improve, modernize, implement, test, analyze, assess, sustain, and maintain the DCGS-A cybersecurity posture and capabilities.

Responsibilities
  • Leads the evaluation of cyber security risks (external & internal threats, platform & application vulnerabilities, data protection, etc.), testing controls designed to mitigate risk, communicating issues and findings to management, devising solutions for business improvements, and following-up on corrective actions, may participate on and lead professional teams to execute technical audit projects focused on evaluating the effectiveness of cyber security governance, tools and operations, may evaluate the design, effectiveness and efficiency of information technology and security processes, procedures, and technical controls including solution implementations, identify and address systemic gaps in cyber security risk management.
  • Perform all ISSO duties and responsibilities in DODI 8500.01, DODI 8510.01, and AR 25-2.
  • Responsible for ensuring the appropriate operational security posture is maintained for the information system (IS) on multiple security domains and classification to met Intelligence Community (IC), DoD and Army cybersecurity/information assurance regulations and policies
  • Prepare Risk Management Framework (RMF) system accreditation Body of Evidence (BOE) packages using the eMASS, XACTA or other approved A&A tool to include, System Security Plans, Risk Assessment Reports, System Requirements Traceability Matrices (SCTM), and other documentation as required by ICD 503, NIST 800-53, CNSSI 1254 and any additional documentation as determined by the Authorizing Official (AO). Direct experience with eMASS, XACTA or other other A&A repositories required.
  • Develops, reviews, evaluates and verifies self-testing results to validate enclave security requirements in accordance with applicable Intelligence Community, DoD and Army cybersecurity and Information Assurance (IA) regulations, policies and organizational security policies) in Information Systems (ISs) are met. ISs includes Cross Domain Solution Suites (CDSS), Cloud, On-Prem, Tactical, etc., within the program's portfolio.
  • Ensure the appropriate organizational operational security posture is maintained for the assigned Army IS.
  • Ensure Army IS cybersecurity-related documentation is current and accessible to properly authorized individuals. Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.
  • Review and evaluate the effects on security of system changes, including interfaces with other ISs and documents all changes. Develops and reviews necessary change management processes and artifacts to support updates to system A&As.
  • Provide computer system engineering expertise and support for Cross Domain Systems (CDS) and the surrounding endpoint platforms/computing systems.
  • Integrate existing commercial vendor technologies and cross domain transfer solutions into Military Intelligence (MI) systems for secure bridging of disparate security domains.
  • Design, test, and support research and integration efforts of CDS solutions with varying levels of endpoint systems.
  • Troubleshoot network connectivity, protocol interoperability, encryption exchanges, and operating system functionality of the CDSes and surrounding systems using knowledge and experience with SELinux, Linux, and Windows server environments.
  • Perform interoperability testing, dataflow testing, throughput testing, and system performance testing to analyze functionality and propose improvements.
  • Troubleshoot filtering and data inspection/processing methodologies using knowledge of various implementations, like regular expressions (REGEX), C+, Visual Basic (VB), Data Format Description Language (DFDL), and LUA languages.
  • Gather requirements for development of new CDS solutions for emerging MI systems.
  • Provide system configuration documentation, network and system diagrams, and functional test plans for CDS systems.
  • Understand and comply with National Security Agency's Raise The Bar (RTB) and Department of Defense (DoD) implementation and security guidance for CDS and MI systems.
  • Provide support of cybersecurity network domain Certification and Accreditation (C&A) support and execution activities, including DCGS-A network domain operations requirements for the following networks: Joint Worldwide Intelligence Communications System (JWICS), Secret Internet Protocol Router Network (SIPRNET), National Security Agency Network (NSANET), Non-Secure Internet Protocol Router Network (NIPRNET), and other special or specific Coalition networks.
  • Perform compliance reviews of computer security plans, perform risk assessments, and validate and perform security test evaluations and audits.
  • Analyze and define security requirements for information protection for enterprise systems and networks.
  • Analyze the sensitivity of information and perform vulnerability and risk assessments based on defined sensitivity and information flow.
  • Assess security risk, research, and recommend countermeasures in accordance with Army and DoD requirements, and conduct formal security engineering assessments and security assessments.
  • Be an integral member of the team of cybersecurity validators to ensure that US Army systems are compliant with NIST Special Publication 800-53 cybersecurity controls.
  • Support on-site accreditation testing for PM DCGS-A networks at CONUS and OCONUS locations.
  • Other duties as assigned

Qualifications
  • Master's degree in a computer science or a related field (e.g., general engineering, computer engineering, electrical engineering, systems engineering, cyber security, information technology, information security, and information systems) degree required plus 10+ years directly related experience OR
  • Bachelor's degree in a computer science or a related field (e.g., general engineering, computer engineering, electrical engineering, systems engineering, cyber security, information technology, or information security and Information Systems) degree required plus 15+ years directly related experience
  • Demonstrated experience and familiarity with DoD and Army cybersecurity polices and regulations and Certification and Accreditation (C&A) process, including the provisions of ICD 503, the planning and execution of Security Test and Evaluation (STE), and Cybersecurity Test and Evaluation (CTE) events.
  • Must have advanced experience with SELinux, Linux, and Windows server systems.
  • Must have intimate understanding of networking fundamentals and network protocols, like TCP/IP, SSH, SFTP, HTTP, and SCP.
  • Must have advanced experience with Cross Domain Systems, like TACDS, TRESYS, and Forcepoint.
  • Must be able to travel up to 25% of the time
  • DoD 8570 IAM III certified.
  • CompTIA Linux+ or Red Hat Linux Administrator certification within 30 days.
  • TS/SCI clearance required.
  • The position requires a COVID vaccination or an approved accommodation/exemption for a disability/medical condition or religious belief.

Knowledge, Skills and Abilities
  • Fully understand DISA Port Protocol, and Services Management (PPSM) requirement and able to obtain PPSM account for management of PPSM for supporting systems.
  • Ability to quickly comprehend the functions and capabilities of new technologies.
  • Ability to effectively adapt to rapidly changing technology and apply it to business needs.
  • Possess and maintain a valid state operator's license.
  • Ability to work independently without direct supervision or guidance.
  • Ability to occasionally work after hours and/or on-call support.
  • Ability to meet minimum security clearance requirements.

#Chenega Decision Sciences, LLC

#hotjob

Chenega Corporation and family of companies is an EOE.

Equal Opportunity Employer/Veterans/Disabled

Native preference under PL 93-638.

We participate in the E-Verify Employment Verification Program

Similar jobs