Information Systems Security Engineer

Description

SAIC and the Engineering, Development, Integration and Sustainment (EDIS) team are looking for an Information Systems Security Engineer (ISSE) to work with our Space Systems Command (SSC) customer at Kirtland AFB in Albuquerque, New Mexico .

We want you to join our qualified and diverse team of professional Cybersecurity SMEs, where you can apply your talents to take our team to new levels of performance.

You will leverage your subject matter expertise in applications, systems, network cybersecurity, and DoD Risk Management Framework (RMF) requirements to provide expert ISSE support to various satellite ground command and control systems at multiple classification levels, undergoing system modernization to include migration to the cloud and co-hosting multiple mission partners. Steps to success :

• Review all software, hardware, and infrastructure changes on the systems, following the RMF process to support system accreditation.
• Support continuous monitoring and security mitigation.
• Assess NIST 800-53 security controls, DISA Security Technical Implementation Guides (STIGs), and Assured Compliance Assessment Solution (ACAS) scans.
• Author System Security Plans (SSP), NIST 800-53 control implementation plans, and Systems Security Test Plans.
• Create system authorization boundary diagrams encompassing traceability back to Hardware, Software, and Ports Protocols and Services Management (PPSM) lists.
• Participate in the design, development, and implementation of information systems to ensure these systems comply with regulatory security features and safeguards.
• Manage Security Assessment Report (SAR) and its Plan of Actions and Milestones (PO&AM).
• Interact frequently with the appointed Information System Security Officer, Information System Security Manager (ISSM), and / or senior govt leadership.
• Provide clear justification describing the satisfaction all applicable security control implementation as specified by the IC, AO, or NIST-800-53, rev 5.
• Prepare for and assist with formal risk assessments conducted by the AOs designated Security Control Assessors (SCA) while acting as a member of the security assessment team.

Qualifications

Expertise Essentials :

• Have a active Top Secret security clearance with SCI eligibility. Must be able to obtain and maintain a TS / SCI indoctrination and subsequent special access program level read in.
• Bachelor's degree in cybersecurity or related field and 9 years of relevant experience. Can substitute 4 additional years of experience in lieu of degree.
• DoD 8570.1 IAM Level II certifications, e.g., CASP+ CE, CISM, CISSP (or Associate), GSLC.
• Minimum of 5 years RMF Assessment and Authorization (A&A) experience resume must capture supporting evidence.
• Hands on experience with ACAS, Xacta, and eMASS identify date of last active account for each.
• Ability to verbally articulate the intent of all NIST 800-53 security controls as it applies to each program under review.
• Experience analyzing and interpreting outputs of various endpoint security, vulnerability, and enumeration tools (e.g., Tenable Nessus, Security Center, SolarWinds, EndPoint Security Solutions, Vulnerator, SCAP Compliance Checker, etc.).
• Experience developing Security Impact Assessments (SIA) and / or ISSE assessments must be able to complete all assessment parameters for government review.
• Experience working with systems administrators, network engineers, and systems engineers to continually monitor and ensure system compliance.
• Self-motivated and capable of performing tasks with minimal oversight.
• Enthusiastic and energetic performer. Able to work in dynamic, fast-pace, and high visibility environment.
• Strong communication and technical writing skills. Sought-after skill set :
• Active TS / SCI clearance within the past 24 months.
• Experience working at the SCI and SAP level relating to space command and control.
• Able to describe the differences between collateral and SCI system authorization requirements as they apply to DoD and IC instructions and guidelines.
• Understanding of cloud-based technologies and development environments along with security control implementations in those environments.

SAIC accepts applications on an ongoing basis and there is no deadline.

Covid Policy : SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.