Information Systems Security Engineer (ISSE)

Fort Belvoir, VA
Jul 17, 2017
Aug 07, 2017
Engineering, Security
Full Time
Responsibilities:

- Implement Information Assurance (IA) processes, provide guidance, and develop documentation throughout the system development life cycle. Draft briefings, timelines, and design reviews for system development in accordance with prevailing IA regulations and policies.
- Draft and review documentation for all phases of the security authorization process, for Certification and Accreditation (C&A), required for program initiatives to receive Authorizations To Operate (ATOs), Interim ATOs (IATOs), Interim Authority To Test (IATT), and Certificates of Networthiness (CON) for systems that reside on NSANET, NIPRNET, SIPRNET, and JWICS networks.
- Evaluate hardware design, operating systems, and software applications proposed for programs to ensure that each adequately addresses IA security requirements and provides confidentiality, integrity, availability, authentication, and non-repudiation. Ensure system designs properly mitigate identified threats/vulnerabilities and facilitate test and evaluation activities to validate as such.
- Be knowledgeable in IA policy to include AR 25-2 Information Assurance, DoDI 8510.01, DoD Information Assurance Certification and Accreditation Process (DIACAP), Director of Central Intelligence Directive (DCID 6/3), USCENTCOM 25-28 process, and DISA Security Technical Implementation Guides (STIG), and keep pace with changing policies and mandates.
- Coordinate with the government Information System Security Officer (ISSO) on preparation of the Security Authorization and Information System Continuous Monitoring package.
- Manage Plan of Action and Milestones (POAMs) and identify, analyze, and propose risk mitigation strategies to facilitate efficient risk mitigation and closure.
- Assess and continuously monitor the effectiveness of mitigation strategies.
- Review systems security documentation in order to identify potential security weaknesses, recommend improvements to address vulnerabilities, implement changes, and document security-relevant changes.
- Provide advice and guidance on the application of FISMA requirements for cloud computing.
- Maintain system asset records in Xacta, to include development of system security controls, development and updates to the System Security Plan (SSP), and creation of a Certification Test Plan (CTP).
- Perform vulnerability and compliance scanning on a monthly basis.
- Review vulnerability scan results and facilitate the resolution of all high and medium vulnerabilities in a timely manner.
- Run and review CIS hardening compliance scans and ensure system compliance with the client's baselines; work with system and database administrators to resolve discrepancies.
- Assess project issues and develop innovative solutions to meet productivity, quality, and client-satisfaction goals and objectives.
- Develop mechanisms for monitoring project progress and for intervention and problem solving with project and operations managers and system engineers.

Qualifications:

Required:

- Must have and maintain an Active TOP SECRET SCI security clearance
- Bachelor's degree in computer science, computer engineering, network security, or equivalent experience, significant domain knowledge and customer intimacy
- Minimum of 8 years of experience in security engineering, information security, programming or equivalent experience
- Experience working with leading firewall, network scanning and intrusion detection products and authentication technologies
- Experience with tools such as Splunk, Cenzic, Foundstone, Rapid7, Tripwire, Bladelogic (or comparable tools)
- Experience working with federal regulations related to information security (FISMA, Computer Security Act, etc.)
- Experience working with NIST Special Publications and A & A process methodology
- Possess security certifications (CISSP, CCNA, etc.)

Other Requirements:

- Demonstrated capability and success working in team environments
- Excellent written and oral communications, and MS Office applications
- Must be able to travel to CONUS and OCONUS locations as needed

Desired:

- Master's degree in pertinent field preferred
- Experience working with internet, web, application and network security techniques
- Experience working with relevant operating system security (Windows, Solaris, Linux, etc.)
- Army background is preferred
- Knowledge of IC functional manager's organizations, roles and responsibilities within the current customer intelligence community

Location: Fort Belvoir, VA
