System Security Engineer (ISSO)

Employer: Hybrid Data Security
Location: Quantico, VA
Posted: Oct 10, 2019
Closes: Oct 14, 2019
Ref: 394156704
Industry: Engineering
Hours: Full Time

Security Architect (ISSO)

HDS is currently seeking a Security Architect (ISSO) to provide test development, documentation, and execution for an enterprise team supporting our largest client. This position is located in Quantico and the surrounding areas of Stafford, Virginia. This position requires an active Top-Secret clearance.

Job Requirements:
* Assists stakeholders in identifying and evaluating technical and operational security risks, threats, weaknesses, and vulnerabilities associated with information systems
* Reviews acquisitions for products as they relate to information security
* Identifies, quantifies, and recommends mitigation actions for security risks as they relate to enterprise projects
* Supports the certification and accreditation (C&A) process of information systems, to verify and validate conformance to federal and FBI policies, regulations, FISMA compliance and standards, and meet specified security requirements. Support will parallel with OCIO certification testing methodologies and strategies
* Reviews system documentation to ensure security requirements are met for the approved proposed system and engineering change requests; and modifications to determine the impact on system security
* Evaluates security vulnerabilities with regard to confidentiality, integrity, and availability, and recommends appropriate solutions and/or viable strategies and/or mitigations
* Produces management reporting, including appropriate metrics that inform senior leadership as to the state of information risk and exposure
* Monitors trends in technology, performs system security analyses, and recommends strategies and solutions for improving or enhancing system security
* Recommends and advises on standards and procedures that reflect good practice in IT infrastructure management and provides security policy support
* Performs multiple IT Security support services associated with functional security testing, vulnerability assessments, and penetration testing, including vulnerability, database, and web scanning along with network mapping
* Supports the C&A process of information systems, to verify and validate conformance to Federal and DOJ policies, regulations, FISMA compliance, and standards, and meet specified security requirements
* Conducts ongoing security functional requirements testing and security assessments of information system hardware, software, and applications, and overall system architecture, verifying and validating that system security technical and operational controls are in accordance with established security policies, requirements, plans, standards, processes, and procedures
* Experience with information system compliance with government standards and industry best practices including, but not limited to, NIST, OWASP, Common Criteria, DISA and SANS Institute
* Experience with a variety of web application vulnerability and network penetration test tools, including but not limited to Nmap, Metasploit, and Nessus

Preferred Education:
* Bachelor's Degree in System Engineering, Computer Science, Information Systems, Engineering Science, Engineering Management, or a related discipline

Desired Skills and Experiences:
* Minimum of at least one (1) certification must be active relating to information security, such as Certified Information Systems Security Professional (CISSP), GIAC security certification (e.g., GCIH, GWAPT, GPEN, GSLC, etc.), or CompTIA Security+
* Minimum of three (3) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field including:
  * Knowledge of developing, maintaining and managing Security Authorizations and Assessments packages
  * Experience with developing and managing Plans of Action & Milestones (POA&Ms)
  * Displays technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities
  * Technical experience with reviewing vulnerability scans and providing mitigation techniques
  * Experience in conducting annual assessments
  * Possesses experience developing and testing Contingency Plans
  * Experience with conducting audit log reviews
  * Experience with NIST Special Publications and guidance
* Minimum of three (3) years of working experience with the latest version of Microsoft Office Suite (Word, Excel, and PowerPoint) and SharePoint (User)
