Description :
Position Requires a Top Secret (TS / SCI) Clearance with a Polygraph.
Information Systems Security Engineer for fast-paced DEVOPS, Cyber Security, and Engineering support environment. Candidate must have a familiarity with the Assessment and Authorization (A&A) process and the Risk Management Framework (RMF), ability to research, translate, and help communicate risk information to the project teams and sponsors.
Partner with client stakeholders to provide input and best practice recommendations to inform decision making on security solutions.
Implement and support client-based security mitigations and solutions. The position will partner with other ISSEs and project teams to maintain ATOs and practice continuous monitoring across systems to ensure strong security posture.
Candidate must be able to analyze system configurations, scan results, and audit logs to meet sponsor compliance requirements and identify vulnerabilities and issues.
The ideal candidate will have demonstrated experience supporting systems to policy compliance as well as ConMon requirements such as quarterly scanning, privileged user reporting, POAM management, and audit.
The position requires a team player with good communication and documentation skills. Bachelors’ degree in related field with 3+ years of related experience
or a Bachelor’s degree in unrelated field with 7+ years security engineering experience
Details :
Mandatory Requirements :
Ability to Develop, maintain, and help submit Assessment & Authorization (A&A) packages in accordance with the ICD 503 Rev.
4 policy and Risk Management Framework (RMF)
- Experience performing security engineering tasks and risk analysis on cloud-based systems
- Ability to help provide proper guidance for the application of security controls across the full OSI model stack
- Knowledge of gathering bodies of evidence (BOE) and artifacts for security packages
- Perform system analysis, system audits, system monitoring, security control assessment / testing, risk management
- Experience reviewing vulnerability and compliance reports utilizing OS, Web, and DB scanning tools
- Experience with auditing and monitoring systems utilizing various tools, such as Splunk or similar metrics solutions
- Ability to perform continuous security monitoring and develop strategies for remediation
Optional Requirements :
- Experience working with sponsor cyber assessments team on system assessments
- Experience working in the intelligence community
- Experience with the sponsor’s security tracking applications
- Experience reporting on status to stakeholders on security related tasks and issues
- Demonstrated experience performing continuous security monitoring and developing strategies for remediation
- Demonstrated experience assisting with the design, engineering, and development of highly secure systems built upon Amazon Web Services
- Experience with MFA and ZTA environments