Principal Cyber Security Engineer

Herndon, VA
Jan 12, 2017
Apr 26, 2017
Engineering, Security
Full Time
This position will at times support activities in order to target; assess; exploit and report risks and vulnerabilities of organization systems in order to provide senior decision makers with actionable data to make strategic investment decisions. The engineer coordinates planning; scheduling; and testing of projects in the Certification and Accreditation (C&A) / Authorization & Accreditation (A&A) process. The engineer will produce actionable correspondence to provide insight for further analysis and response within the customer's division and to external customers. The duties include examining the customer information systems to determine if vulnerabilities exist and; if they are found; what mitigating strategies can be applied. The end goal is to ensure the integrity of the information systems by identifying and mitigating potential avenues of exploitation; including system level attacks and user level attacks.

Roles and responsibilities include but are not limited to; Conduct hands-on security testing; analyze test results; document risk; and recommend countermeasures. Provide targeting insight to team members based upon active vulnerability assessments. Provide documentation which describes all identified system risks; planned test procedures taken and test results. Provide enhancement capabilities and SOPs to assessment operations for execution and implementation. Review and make recommendations on program-level documentation (e.g.; requirements specification; system architecture; design documents; test plans and security plans. Develop and document security evaluation test plan and procedures. Assist in researching; evaluating and developing relevant Information Security policies and guidance. Actively participate in or lead technical exchange meetings and application review boards; documenting actions items/results of these events. Brief management; as needed; on the status of action items and/or results of activities. Coordinate with other program elements conducting security testing. Identify mitigating countermeasures to identified threats; vulnerabilities and shortfalls. Identify needs for testing equipment and gaps in testing capabilities; conduct research on and evaluation of automated testing tools and provide summaries and reports on the tool capabilities; in support of potential procurement. Develop; assemble; and submit C&A/A&A testing results reports that document testing activity and results to support the creation of risk assessments and approval packages. Work with stakeholders as well as technical and analytical counterparts to define constraints; and develop requirements and concept of operations documentation. Work with stakeholders to identify best-fit technical solutions for business unit needs. Identify technical risks and develop mitigation strategies. Provide assistance to project or program teams. Provide conceptual design; prototype; and test cycles appropriate to a chosen technical solution. Identify and manage dependencies with other systems and elements of the IT infrastructure. Evaluate industry offering to identify products and technologies with the potential to support the design. Record lessons learned; processes and procedures; and other pertinent quality topics in appropriate formats. Education Bachelors (B.S.) degree or equivalent experience in Computer Science; Information Systems; Engineering; or other related scientific or technical discipline Qualifications 8-10 years of experience in cyber security systems engineering.

1. At least two years of demonstrated on-the-job experience with vulnerability assessment tools and cyber security engineering

2. At least two years of demonstrated on-the-job experience performing network security analysis

3. At least two years of demonstrated on-the-job experience with network architectures and network management tools

4. Demonstrated on-the-job experience performing technical tasks in pursuit of overall goals with minimal direction

5. At least two years of demonstrated on-the-job experience creating systems and applications security test plans and performing hands-on security testing leveraging adversarial tactics

6. Demonstrated on-the-job experience with risk management methodologies

7. At least two years of demonstrated on-the-job experience analyzing test results and suggesting mitigation plans for security problems

8. Demonstrated on-the-job experience with system configuration; development and design specifically around enterprise and small organizational systems

9. At least five years of demonstrated on-the-job experience with Linux; Windows and virtual platforms

As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors.With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.