Cyber Security Systems Engineer- Polygraph

Location
Herndon, VA
Posted
Apr 18, 2017
Closes
May 18, 2017
Industry
Engineering, Security
Hours
Full Time
The Sponsor maintains on-going awareness of Enterprise and Mission information systems, vulnerabilities, and threats to enhance mitigation solutions and risk decisions. This position will at times support activities in order to target, assess, exploit and report risks and vulnerabilities of organization systems in order to provide senior decision makers with actionable data to make strategic investment decisions.


The engineer coordinates planning, scheduling, and testing of projects in the Certification and Accreditation (C&A) / Authorization & Accreditation (A&A) process. The engineer will produce actionable correspondence to provide insight for further analysis and response within the Sponsor’s division and to external customers. The duties include examining the customer information systems to determine if vulnerabilities exist and, if they are found, what mitigating strategies can be applied. The end goal is to ensure the integrity of the information systems by identifying and mitigating potential avenues of exploitation, including system level attacks and user level attacks.


Roles and responsibilities include but are not limited to:


1. Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures. Provide targeting insight to team members based upon active vulnerability assessments.
2. Provide documentation to Sponsor which describes all identified system risks, planned test procedures taken and test results
3. Provide enhancement capabilities and SOPs to assessment operations for execution and implementation
4. Review and make recommendations on program-level documentation (e.g., requirements specification, system architecture, design documents, test plans and security plans)
5. Develop and document security evaluation test plan and procedures
6. Assist in researching, evaluating and developing relevant Information Security policies and guidance
7. Actively participate in or lead technical exchange meetings and application review boards, documenting actions items/results of these events
8. Brief management, as needed, on the status of action items and/or results of activities
9. Coordinate with other program elements conducting security testing
10. Identify mitigating countermeasures to identified threats, vulnerabilities and shortfalls
11. Identify needs for testing equipment and gaps in testing capabilities; conduct research on and evaluation of automated testing tools and provide summaries and reports to Sponsor on the tool capabilities, in support of potential procurement by the Sponsor
12. Develop, assemble, and submit C&A/A&A testing results reports that document testing activity and results to support the creation of risk assessments and approval packages
13. Work with stakeholders as well as technical and analytical counterparts to define constraints, and develop requirements and concept of operations documentation.
14. Work with stakeholders to identify best-fit technical solutions for business unit needs. Identify technical risks and develop mitigation strategies.
15. Provide assistance to project or program teams. Provide conceptual design, prototype, and test cycles appropriate to a chosen technical solution.
16. Identify and manage dependencies with other systems and elements of the IT infrastructure.
17. Evaluate industry offering to identify products and technologies with the potential to support the design.
18. Record lessons learned, processes and procedures, and other pertinent quality topics in appropriate formats.

Education 1. Bachelors Degree in Computer Science, Engineering or a related technical discipline, or the equivalent combination of education, technical training, or work/military experience.

 2. Masters Degree preferred.

Qualifications Required:

 

1. Bachelor’s (B.S.) degree or equivalent experience in Computer Science, Information Systems, Engineering, or other related scientific or technical discipline

2. At least two years of demonstrated on-the-job experience with vulnerability assessment tools and cyber security engineering

3. At least two years of demonstrated on-the-job experience performing network security analysis

4. At least two years of demonstrated on-the-job experience with network architectures and network management tools

5. Demonstrated on-the-job experience performing technical tasks in pursuit of overall goals with minimal direction

6. At least two years of demonstrated on-the-job experience creating systems and applications security test plans and performing hands-on security testing leveraging adversarial tactics

7. Demonstrated on-the-job experience with risk management methodologies

8. At least two years of demonstrated on-the-job experience analyzing test results and suggesting mitigation plans for security problems

9. Demonstrated on-the-job experience with system configuration, development and design specifically around enterprise and small organizational systems

10. At least five years of demonstrated on-the-job experience with Linux, Windows and virtual platforms10-15 years of related systems engineering experience.

 Desired: 1. Masters (M.S.) degree or equivalent experience in Computer Science, Information Systems, Engineering, or other related scientific or technical discipline

2. At least five years of demonstrated on-the-job experience with public and private information security groups and organizations

3. At least five years of demonstrated on-the-job experience with information security policies and guidance, as well as assisting in researching, evaluating and developing relevant security policies and guidance

4. At least five years of demonstrated on-the-job experience with advanced penetration testing, system exploitation and cyber security engineering

5. Certification in cyber security or penetration testing disciplines

6. At least five years of demonstrated on-the-job experience with the Sponsor's implementation of security directives

7. At least five years of demonstrated on-the-job experience using and customizing software tools that store and parse the data collected, for analysis and reports

8. At least five years of demonstrated on-the-job experience with Sponsor's partners' Information Assurance policies and regulations and how the certification and accreditation (C&A process relates to it)

9. At least five years of demonstrated on-the-job experience communicating vulnerability results and risk posture to senior executives

10. At least five years of demonstrated on-the-job experience exhibiting performing complex technical tasks in pursuit of overall goals with minimal direction   As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors.With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.