System Security Engineer (ISSO)

Hybrid Data Security
Quantico, VA
Aug 20, 2019
Aug 23, 2019
Full Time
Security Architect (ISSO)

HDS is currently seeking a Security Architect (ISSO) to provide test development, documentation, and execution for an enterprise team supporting our largest client. This position is located in Quantico and the surrounding areas of Stafford, Virginia. This position requires an active Top-Secret clearance.

Job Requirements:
• Assists stakeholders in identifying and evaluating technical and operational security risks, threats, weaknesses, and vulnerabilities associated with information systems
• Reviews acquisitions for products as they relate to information security
• Identifies, quantifies, and recommends mitigation actions for security risks as they relate to enterprise projects
• Supports the certification and accreditation (C&A) process of information systems, to verify and validate conformance to federal and FBI policies, regulations, FISMA compliance and standards, and meet specified security requirements. Support will parallel OCIO certification testing methodologies and strategies
• Reviews system documentation to ensure security requirements are met for the approved proposed system and engineering change requests; and modifications to determine the impact on system security
• Evaluates security vulnerabilities with regard to confidentiality, integrity, and availability, and recommends appropriate solutions and/or viable strategies and/or mitigations
• Produces management reporting, including appropriate metrics that inform senior leadership as to the state of information risk and exposure
• Monitors trends in technology, performs system security analyses, and recommends strategies and solutions for improving or enhancing system security
• Recommends and advises on standards and procedures that reflect good practice in IT infrastructure management and provides security policy support
• Performs multiple IT Security support services associated with functional security testing, vulnerability assessments, and penetration testing, including Vulnerability, Database, and Web scanning along with Network Mapping
• Supports the C&A process of information systems, to verify and validate conformance to Federal and DOJ policies, regulations, FISMA compliance, and standards, and meet specified security requirements
• Conducts ongoing security functional requirements testing and security assessments of information system hardware, software, and applications, and overall system architecture, verifying and validating that system security technical and operational controls are in accordance with established security policies, requirements, plans, standards, processes, and procedures
• Experience with information system compliance with government standards and industry best practices including, but not limited to, NIST, OWASP, Common Criteria, DISA and SANS Institute
• Experience with a variety of web application vulnerability and network penetration test tools, including but not limited to, Nmap, Metasploit, and Nessus

Preferred Education:
• Bachelor's Degree in System Engineering, Computer Science, Information Systems, Engineering Science, Engineering Management, or a related discipline

Desired Skills and Experiences:
• Minimum of at least one (1) certification must be active relating to information security such as Certified Information Systems Security Professional (CISSP), GIAC security certification (e.g., GCIH, GWAPT, GPEN, GSLC, etc.), or CompTIA Security+.
• Minimum of three (3) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field including:
• Knowledge of developing, maintaining and managing Security Authorizations and Assessments packages
• Experience with developing and managing Plans of Action & Milestones (POA&Ms)
• Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities
• Technical experience with reviewing vulnerability scans and providing mitigation techniques.
• Experience in conducting annual assessments
• Possesses experience developing and testing Contingency Plans
• Experience with conducting audit log reviews
• Experience with NIST Special Publications and guidance
• Minimum of three (3) years of working experience with the latest version of Microsoft Office Suite (Word, Excel, and PowerPoint) and SharePoint (User)