INFORMATION SECURITY SYSTEMS ENGINEER
Candidate MUST have a TS/SCI with a Poly in order to be considered.
Our client has been the prime on this contract for the last 20 years. The contract is focused on providing systems support for a large Declassification effort. The program manages a ton of paperwork and they ideally would like to move their applications, tools and documents up in the C2S cloud. As part of this, they have a huge effort for the next 12 months to build an Environment that puts all of the Analysts' tools into the cloud. This effort is going to take a lot of Software and Data Integration and Data Migration following an Agile, Test Driven Development methodology.
Day to Day Responsibilities:
- Conduct comprehensive evaluations and formal testing of technical and nontechnical IS security features and other safeguards to document a set of system security deficiencies.
- Provide support to System Assessment and Authorization activities by conducting unaccompanied and/or team penetration testing on Information Systems.
- Conduct reviews of assessment artifacts (Assessment Test Plans, System Security Plans, Security Requirements Traceability Matrix, etc.) within the time allotted in NRO Assessment and Authorization process.
- Prepare standardized System Assessment reports within the time allotted in customer Assessment and Authorization process.
- Prepare assessments on hardware and software to document any security vulnerabilities that would be introduced to the customer by using this hardware or software, for review and approval by the USG within the time frame requested.
- Review IT and Security related policies to ensure they are technically accurate and make recommendations to the USG.
- Participate in discussions at the system engineering level to enhance the security of the customer’s networks.
- Provide technical support in investigating and minimizing real or potential damage resulting from security incidents with USG approval.
- Research, evaluate, integrate, recommend and/or distribute IS security tools and associated documentation required for the assessment and authorization (A&A) process as approved by the USG.
- Investigate, specify, and recommend materials, software, and equipment to the Government that will enhance the capabilities of the Government's Technical Laboratory.
- Install, configure, maintain, document, and manage all TSB internal IT systems and networks to include software and equipment. Management of the systems includes completion and updates of all required C&A documentation.
- Participate in test-bed efforts to enhance the security of the customer’s networks.
- Perform technical security assessments of IT systems and networks as part of joint Government security reviews (including, but not necessarily limited to, the Technical Information System Security Review (TISSR) and the customer’s Security Assessment Program).
- Certification and accreditation (C&A) and/or assessment and authorization (A&A).
- ICD 503 experience
- Must have Security Assessment Testing experience
- Ability to identify needs for testing equipment and gaps in testing capabilities
- Experience conducting Independent Validation and Verification (IV&V) security testing.
- Experience configuring and supporting operating systems, including but not limited to, Windows, Linux, Unix, Mac OS.
- NESSUS scanning tool
- Certified Information Systems Security Professional (CISSP)
- Information Systems Security Engineering Professional (ISSEP)
- DOD Information Technology Security Certification and Accreditation Process (DITSCAP)
- DOD Information Assurance Certification and Accreditation Process (DIACAP)
- Current CISSP or SANS GSEC certification strongly preferred
- Experience utilizing Kali Linux PenTesting Tool(s) in a production environment
- System methodologies including: client/server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, LAN, switches, and routers.
- Software integration of COTS and Government Off-the-Shelf (GOTS) products.
- Practical experience configuring and supporting virtualization platforms, including but not limited to, VMware, Xen, Hyper V.
- Practical experience conducting information system engineering.
- Detecting and preventing computer security compromises in a networked environment.
- Program design and implementation.
- Configuration management.
Job Type: Full Time