Information Systems Security Engineer - McIntire Solutions

• Provide IA security requirements to update system requirement documents
• Coordinate IA matters with other directorates and external partners as necessary
• Perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.

• Validate and verify system security requirements definitions, analysis, and establish system security designs
• Validate proposed software, hardware, firmware, and infrastructure comply with security guidelines, policies, and procedures
• Apply knowledge of IA policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments.
• Toolkits, SEIMs, LogRhythm, ACAS/Nessus/SCAP, mandatory/role-based access control concepts (e. g. SE Linux extensions to RHEL, PitBull, and Windows), Oracle/MS SQL database security, and Apache/IIS Web server security.
• Support security planning, assessment, risk analysis, and risk management.
• Identify overall security requirements for the proper handling of Government data.
• Contribute to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.
• Review certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its content.
• Apply system security engineering expertise in one or more of the following: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification, authentication, and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security testing.
• Support security authorization activities in compliance with Information System Certification and Accreditation Process (ICD 503), the NIST Risk Management Framework (RMF) process, and prescribed ICs business processes for security engineering.
• Assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of government security policy and enterprise solutions.
• Support the building of security architectures.
• Assess and mitigate enterprise, system, and component security threats/risks throughout the program life cycle.
• Support the Government in the enforcement of the design and implementation of trusted relationships among external systems and architectures.

• Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required. 5 years of ISSE experience may be substituted for a bachelor’s degree.
• 7 years related experience and at least 4 years’ experience as an ISSE on programs and contracts of similar scope, type, and complexity required.
• Security, CISSP or equivalent is required.

• TS/SCI w/Polygraph

• Must be able to remain in a stationary position 50%
• Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer
• The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations
• Ability to work in a fast-paced environment.

Powered by JazzHR