Senior Security Engineer / Continuous Monitoring - VG00896 Job
Job Number: 424723

Description:

Position Description:
The Enterprise & Mission Information Technology Business Unit currently has an opening for a Senior Security / Information Assurance Engineer to support a Department of State (DoS) Bureau of Information Resource Management (IRM) program. This program provides transparent, interconnected systems and security supporting the DoS in successfully carrying out its US foreign policy mission. IRM provides enterprise architecture design, engineering, operations and maintenance support services for desktops, servers, networks, firewalls, and enterprise applications across the Department. The program is named "Vanguard 2.2.1" and is an IT consolidation consisting of the Department's servers, mainframes, network devices, network perimeter, anti-virus engineering, public key infrastructure (PKI)/biometrics/encryption, monitoring tools, telephony, mobile computing platform, virtual environment, and enclave design/security engineering.

Description of Duties:
The position, within the Vanguard 2.2.1 program's Enterprise Security Office (ESO), will be responsible for designing and implementing NIST 800-53 security controls, CNSSi 1253 and the Department of State secure configuration throughout the system lifecycle.

Responsibilities include:
- Support the system development and maintenance lifecycle by providing guidance on implementation and verifying the secure configuration.
- Support the security categorization process, and security controls identification and tailoring process. (RMF steps 1 & 2)
- Develop and maintain in-depth understanding of the automated security configuration and verification scripts and manual checklists used by the State Department. (RMF steps 4 & 6)
- Provide engineering based input for security controls implementation to the System Security Plan. Design and implement applicable security features through the configuration and change management process. Identify and catalog security architecture patterns in frequent use at the State Department so they can easily be re-used in the design phases of new projects. (RMF step 3)
- Identify security requirements and impacts resulting from modifications to the systems, and work with the program management in planning activities. (RMF step 6)
- Based on the knowledge gained from the security engineering activities, support the ISSO and the DoS Assessment and Authorization (A&A):
  - Support the development of various artifacts required such as security categorization, notification of change, revisions to System Security Plan, and the Plan of Action and Milestones (POA&M).
  - Identify and explain false positives; develop mitigations and articulate compensating controls for near-term and planned implementation; assist in the development of alternative remediation or mitigation strategies to minimize vulnerabilities and risks while minimizing the impact to the system functionality and performance as well as program cost and schedule.
  - Provide technical subject matter expert (SME) support for coordinating and developing agreements with common control providers, interfacing systems, and their users.

Qualifications:

TYPICAL EDUCATION AND EXPERIENCE: Bachelors and nine (9) years or more experience; Masters and seven (7) years or more experience; PhD or JD and four (4) years or more experience.

Required Education/Experience:
- Bachelor's degree in an information security or engineering field, or equivalent experience; advanced degree preferred.

Required Experience/Skills/Attributes:
- 9+ years' experience as an engineer with an information security focus.
- Fundamental understanding of risk-based information security management, as well as being knowledgeable of Federal regulations, standards, and guidelines pertaining to information assurance (FIPS, NIST, CNSS). This includes:
  - Government Certification and Accreditation experience.
  - Ability to work with the development, integration, and security assessment teams in implementing security controls.
  - Ability to articulate vulnerability and risk based on technical security posture.
  - Use security mechanisms and features in products to provide concrete guidance to remediate the findings and develop mitigation plans while being cognizant of system functionality and program management constraints.
  - Ability to support the development of system level POA&M.
  - Identifying security architecture and implementation gaps, vulnerabilities, and risks; and develop, test and implement the solutions to address the gaps, and new or updated requirements.
- Excellent verbal and written communications skills.
- Experience as a security engineer or systems engineer including systems architecture, requirements analysis, integration, and process execution and evaluation.
- Interpersonal skills including the ability to collaborate effectively, self-awareness, and excellent written and oral communications.

Desired Experience/Skills/Attributes:
- Technical SME for:
  - Virtualization and Cloud (VMWare, FedRAMP, and DoD FedRAMP+)
  - NIST RMF-related standards and DoD CNSS standards
  - Vulnerability notices and standards (CERT, IAVM, ACAS, SCAP, CVE, CVSS, XVMS, XCCDF)
  - Continuous Diagnostics & Mitigation (ForeScout, RSA Archer, McAfee AC/ePO/PA, Splunk)
  - Directory services (AD, LDAP)
  - PKI-based identities (CAC / PIV / ECA, MS-Certificate Services, PKCS)
  - Scripting of custom capabilities (Perl, SED, SoapUI, cURL, etc.)
  - Security appliances (firewalls, IDS/IPS, load balancers, etc.)
- Security certifications such as:
  - ISACA Certified Information Systems Auditor (CISA)
  - GIAC Security Expert (GSE)
  - GIAC Certified Incident Handler (GCIH)
  - SCP Security Certified Network Architect (SCNA)
  - (ISC)2 Certified Information Systems Security Professional (CISSP)
  - ISACA Certified Information Security Manager (CISM)
  - EC-Council Certified Network Defense Architect (CNDA) or Certified Ethical Hacker (CEH)
  - Cisco Certified Network Associate (CCNA)
  - Cisco Certified Network Professional (CCNP)
  - Microsoft Certified Engineer (MSCE)
  - ITIL® Foundation v3 certification
- Project management experience (PMP is a plus).
- Knowledge of secure coding, application security, and ethical hacking.
- Understanding and experience with big data, analytics, correlation, and data mining.
- Familiarity with DoS environment (data and voice networks, IT security systems, policies and procedures), Foreign Affairs Handbooks (FAHs), Foreign Affairs Manuals (FAMs), Diplomatic Security (DS) configuration standards.
- Experience with ACP-127 automated message handling systems (AMHS) and DoS messaging policies / procedures.
- Experience working on Microsoft-based, complex systems in the security engineering role using the security features of Windows 2003/2008 Server products, Windows XP/7, IIS, SharePoint, Exchange, SMS/SCCM, and SQL Server products. Understanding of the inner workings of security configuration using Windows Security Templates, GPOs, and various secure configuration for products within the SMART baseline.
- Ability to analyze and troubleshoot system issues due to security configuration. Able to analyze automation scripts to determine their functionality and impact.

Clearance Requirement:
- Must currently possess a SECRET security clearance and be able to obtain a TOP SECRET security clearance.

SAIC Overview:
SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC provides systems engineering and integration offerings for large, complex projects. Headquartered in McLean, Virginia, SAIC has approximately 15,000 employees and annual revenues of about $4.3 billion.

EOE AA M/F/Vet/Disability

Job Posting: Jan 23, 2017, 12:57:36 PM
Primary Location: United States-DC-WASHINGTON
Clearance Level Must Currently Possess: Secret
Clearance Level Must Be Able to Obtain: Top Secret
Potential for Teleworking: No
Travel: None
Shift: Day Job
Schedule: Full-time