Cloud Information Security Engineer

Description

SAIC is seeking a Cloud Information Security Engineer to join our Cloud team in support of an IT Service Management effort for USTRANSCOM located at Scott Air Force Base (AFB) in Illinois. The USTC Managed Information Technology Services (MITS) contract provides strategic, technical, and program management guidance and support services to facilitate the operations and modernization of the combatant command's infrastructure, systems, and applications. This support will be provided to the USTC Command, Control, Communications & Cyber Systems Directorate (TCJ6).

Position Overview:

The successful candidate will be responsible for working on high-visibility or mission-critical aspects of a given program and performing all functional duties with some oversight. The work schedule follows standard business hours from Monday to Friday, with potential for after-hours and weekend support during planned or emergency events.

Key Responsibilities:

• Develop and coordinate all authorization documentation associated with Systems Categorization, Systems Security Plan, and Systems risk assessment.
• Support the control assessment, reporting, and monitoring processes using the Cyber Security and Assessment Management (CSAM) system.
• Create and maintain all minor/major modification documentation.
• Maintain all waivers and Risk assessments for the ISSMs.
• Assist the ISSMs with decisions that affect the security of their systems and networks.
• Facilitate preparations for all Contingency/Incident response assessments.
• Perform and document risk assessments, analyzing security vulnerabilities, and developing metrics to measure the risks associated with those vulnerabilities.
• Design and develop comprehensive Systems Security Plans, covering infrastructure, policies, and procedures defining the systems security profile for the enclave systems.
• Review and validate System Test and Evaluation (ST&E) and Interim Authority to Test (IATT) reviews for new and/or legacy systems.
• Conduct NIST-based Self Assessments, identify weaknesses, and develop a Plan of Action and Milestones (POA&M) to address them based on industry best practices.
• Create and track POA&Ms for risk mitigation identified via the ACAS and STIG processes.
• Design and develop Initial Privacy Assessments (IPA) and Privacy Impact Assessments (PIAs) for major Federal Government IT Systems.
• Develop and conduct System Test and Evaluations (ST&Es) and Independent Verification and Validation (IV&Vs) of the security profiles of Federal Government IT Systems.
• Utilize the eMass tool to manage the security profile for the system.
• Utilize the PPSM tool and processes to register ports, protocols, and services in use by the enclaves.
• Ensure compliance with the Risk Management Framework (RMF).

Qualifications

Required Qualifications:

• Bachelor's degree (BA/B/S) and ten (10) years of experience.
• Active DoD Secret clearance.
• IAT Level II certification (one of the following: Security+, CECCNA-Security, CySA+ **, GICSP, GSEC, CND, SSCP).
• At least one Computing Environment (CE) certification or certificate for the technical area of responsibility for Network support/defense (e.g., Splunk, Cisco, McAfee, etc.) OR Operating System (e.g., Microsoft, Linux, Solaris, AWS Cloud Practitioner, AWS Solutions Architect etc.).
• Familiarity with AWS cloud concepts and services.
• Familiarity with DevOps practices in an agile environment.
• Experience with RMF processes and requirements.

Desired Qualifications:

• Master's degree (MA/MS).
• ITIL Foundations (v4 or higher) certification.
• One of the IAM Level II certifications: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP.

Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.