Senior Security Engineer (Compliance)

Job Description

Job Description

Position Summary

Versar, Inc., is seeking a Senior Security Engineer (Compliance) to support the Department of Homeland Security’s Enterprise Engineering Division (EED) within the Office of the Chief Information Officer (OCIO).

This candidate will be a member of a high functioning team supporting cybersecurity countermeasures to strengthen DHS enterprise and HQ networks, to include the overseeing and providing strategic and tactical direction with security compliance.

This candidate will work directly with team of network and security engineers, data center specialists, ISSOs, industry vendors, and DHS stakeholder groups that includes 20+ DHS Components.

This effort is responsible for providing support for the following Homeland Security Enterprise Network (HSEN) services along with Security Engineering Compliance to include :

• Design and development of cyber security technology along with integration of new architectural features into existing infrastructures while maintaining the integrity and security of enterprise-wide cyber systems and networks.
• Responsibility for DHS Security ATO and RMF compliance support ensuring systems are documented, security control implementation / documentation, self-inspection (STIG / vulnerability / compliance) auditing and issue remediation.
• Strong working relationship with ISSOs and technical teams to ensure NIST Compliance and RMF ATO Security Authorization.

Additional Duties / Responsibilities

• Provide DHS Security Authorization Support
• Assist and support the SOC Security Authorization Process following National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 including, but not limited to, the following elements :
• Security Plan
• Security Risk Assessment
• Security Controls Assessment
• Continuity of Operations Plan (COOP)
• Development of POA&Ms
• Provide assistance and support to the SOC System ISSO, to document that documents and maintains the SOC Security Authorization documentation in the Information Assurance Compliance System (IACS), conducts NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems assessment, and tracks NOSC Cyber (SOC) POA&Ms.
• Develop and document a comprehensive COOP which ensures that the Contractor maintains
• Maintain appropriate NOSC Cyber infrastructure backups, and documents priorities and procedures for re-instantiating critical functions in the event of a failure.
• Test the DHS NOSC Cyber COOP capabilities in conjunction with internal test procedures and the DHS Information Technology Disaster Recovery Plan.
• Provide support to Government management by establishing POA&Ms and process for tracking the correction of internal self-assessment and external audit findings relating to security authorization of NOSC operations and activities.

Minimum Qualifications / Requirements

• At least six (6) years of professional experience in an IT Services environment, providing technical support with emphasis on security compliance for federal networks.
• Prior experience with NIST FIPS Standards, Contingency Plans, Network Infrastructures, Security Impact Analysis, Privacy Impact security Assessments & Analyses, Standard Operating Procedures.
• U.S. Federal government consulting experience preferred.
• Must be resourceful in learning a very complex and dynamically changing network
• Must be able to work independently in fast paced, dynamic environment.
• Past experience within the Department of Homeland Security or other government agency is preferred.
• U.S. citizenship required and eligibility for a DHS EoD is required to be considered for this position.

Education

BS degree in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or equivalent experience

Certifications Desired

Security Certifications : CISSP, CCSP, CISM, GSLC, CISA, CASP, or equivalent

Software / Hardware Desired

• IBM AppScan, HP WebInspect, Nexpose, Splunk, Nessus, HP Fortify, McAfee SECURE, McAfee Virus Scan, Enterprise, ArcSight Sourcefire, Nagios, Saint, Solarwinds, Remedy, Primavera, Xacta, CSAM
30+ days ago