The Security Engineer interacts with General Dynamics Mission Systems clients to recommend and provide information assurance solutions. Counsel will be based on the employee's understanding of the way various products and services interrelate. The selected employee will develop various documentation, including security plans in compliance with Information Assurance policy. It is also the responsibility of the Security Engineer to conduct risk assessments.

Additional Responsibilities
- Support system development by adding security rigor to the design, assessing the security posture, and hardening dynamic operating environments
- Act as the main security interface with the integration and/or development team to solve complex security problems while adhering to the prescribed NIST 800 Special Publication series
- Collaborate with the team to perform security control assessment activities as the project evolves in the systems engineering life cycle in accordance with NIST 800-53 and CNSS 1253
- Conduct research and perform security analysis on the impacts of system designs, modifications and technological initiatives
- Review security architecture design to determine level of security compliance
- Perform automated verification of DISA STIGs and other security benchmarks against web and appliance configurations
- Conduct vulnerability and compliance assessments on various web applications and appliances and collaborate with the team to ensure vulnerability mitigation
- Execute source code analysis on developed applications and coordinate the remediation steps with software developers
- Document the security posture in the prescribed security design deliverables: Security Controls Traceability Matrix, System Design Document, System Administration Guide and other SELC documentation.
- Coordinate with the team and represent the security interests of the project through various forums: daily stand-up meetings and weekly working groups
- Experience with the following tools: Nessus, Foundstone, Retina, Fortify, AppScan and Brakeman
- Familiarity with the following technologies: Java, Ruby, Perl, Microsoft Operating Systems, Red Hat Enterprise Linux, VMware, Oracle, SQL Server, PKI, Encryption, TCP/IP networks, Access control models, network and security monitoring tools, and Cross Domain Solutions