Responsibilities include, but are not limited to:

• Provide IA security requirements to update system requirement documents

• Coordinate IA matters with other directorates and external partners as necessary

• Perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies.

• Validate and verify system security requirements definitions, analysis, and establish system security designs

• Validate proposed software, hardware, firmware, and infrastructure comply with security guidelines, policies, and procedures

• Apply knowledge of IA policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments.

• Toolkits, SEIMs, LogRhythm, ACAS/Nessus/SCAP, mandatory/role-based access control concepts (e. g. SE Linux extensions to RHEL, PitBull, and Windows), Oracle/MS SQL database security, and Apache/IIS Web server security.

• Support security planning, assessment, risk analysis, and risk management.

• Identify overall security requirements for the proper handling of Government data.

• Contribute to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.

• Review certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its content.

• Apply system security engineering expertise in one or more of the following: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification, authentication, and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security testing.

• Support security authorization activities in compliance with Information System Certification and Accreditation Process (ICD 503), the NIST Risk Management Framework (RMF) process, and prescribed ICs business processes for security engineering.

• Assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of government security policy and enterprise solutions.

• Support the building of security architectures.

• Assess and mitigate enterprise, system, and component security threats/risks throughout the program life cycle.

• Support the Government in the enforcement of the design and implementation of trusted relationships among external systems and architectures.

  Basic Qualifications:

• Bachelor’s degree in Computer Science, Information Assurance, Information Security System Engineering, or related discipline from an accredited college or university is required. 5+ years of ISSE experience may be substituted for a bachelor’s degree.

• 7+ years related experience and at least 4+ years’ experience as an ISSE on programs and contracts of similar scope, type, and complexity required.

• Security+, CISSP or equivalent is required.

  Security Clearance Requirements:

• TS/SCI w/Polygraph

  Physical Requirements:

• Must be able to remain in a stationary position 50%

• Constantly operates a computer and other office productivity machinery, such as a calculator, copy machine and computer printer

• The person in this position frequently communicates with co-workers, management and customers, which may involve delivering presentations. Must be able to exchange accurate information in these situations

• Ability to work in a fast-paced environment.

Powered by JazzHR