Yesterday
Top Secret/SCI
Senior Level Career (10+ yrs experience)
Full Scope Polygraph
Engineering - Systems
Herndon, VA (On-Site/Office)
• Lead and plan for new technology insertion by keeping up with new technologies and capabilities such as encryption, transport, networking, and routing, among other duties.
• Support the development or modification of System Security Plans (SSPs), security requirements, and other supporting documentation for the Assessment and Authorization process.
• Assist projects in determining their security requirements by analyzing project's business needs and help evaluate industry offerings to identify products that meet security requirements.
• Develop and implement test plans for commercial off-the-shelf (COTS) and custom developed systems.
• Collaborate with stakeholders to create and perform quality control on Sponsor's partners' RMF body of evidence documentation.
• Review assessment reports and assist projects in identifying security risks (technical and non-technical) and developing effective mitigation strategies such as Plans of Action and Milestones (PoAMs).
• Ensure the project completes mitigation strategies as scheduled to ensure timely delivery to customers.
• Provide security review and approval for changes to accredited systems, such as installation of new software and opening new ports, and determination of Security Relevant Changes.
• Provide security review of network firewall changes.
• Provide security approval for devices being brought into Sponsor Buildings.
• Provide feedback for Sponsor computer incident team to resolve cyber incidents.
• Provide input to improve group processes by recording lessons learned, creating standard operating procedures.
• Ensure all products and administrative documentation is completed and maintained in order to ensure continuity and historical reference.
• Ensure deliverables meet all relevant quality and security standards.
• Maintain the Rapid 7, AppDetective, and WebInspect scanning software, keeping them patched and accessible to AMO systems to meet the scanning requirements.
Qualifications:
• A degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline.
• The ability to analyze systems, including forensically, for malware, misuse and/or unauthorized activity.
• Knowledge of investigation and analysis of all data sources, which may include Internet, Intelligence Community reporting, security events, firewall logs, forensic hard-drive images, and other data sources to identify malware, misuse, unauthorized activity or other cybersecurity-related concerns.
• Knowledge of computing design concepts and implementation.
• Knowledge of network defense monitoring and systems.
Desired Qualifications:
• Ability to provide technical cybersecurity guidance.
• Ability to convey technical information to non-technical individuals.
• Ability to create complex system designs, resolve engineering problems, and propose preventative strategies.
• Ability to work in a dynamic and challenging environment.
• Demonstrated experience with the Sponsor's Authorization and Accreditation (A&A) process and the Project Management Framework.
• Demonstrated experience with the Sponsor's diverse information technology infrastructure including operating systems, major application systems, and network architecture.
• Demonstrated experience with: encryption technologies; operating systems; database technologies; networking, including the OSI model, and also including TCP/IP, MPLS, SONET, and Ethernet; routing, switching, firewalls, and data protection; cloud computing; information storage; virtual machine technology; cyber risks, exploits, vulnerabilities, and associated mitigations; conducting security reviews and assessments; information technology and a practical understanding of application, system, and network security best practices; information security policies; identifying and managing information security risks in an enterprise environment; and making reasoned, timely, and fact-based decisions, and conveying reasoning to customers and team members.
• Certified Information Systems Security Professional (CISSP).
• Support the development or modification of System Security Plans (SSPs), security requirements, and other supporting documentation for the Assessment and Authorization process.
• Assist projects in determining their security requirements by analyzing project's business needs and help evaluate industry offerings to identify products that meet security requirements.
• Develop and implement test plans for commercial off-the-shelf (COTS) and custom developed systems.
• Collaborate with stakeholders to create and perform quality control on Sponsor's partners' RMF body of evidence documentation.
• Review assessment reports and assist projects in identifying security risks (technical and non-technical) and developing effective mitigation strategies such as Plans of Action and Milestones (PoAMs).
• Ensure the project completes mitigation strategies as scheduled to ensure timely delivery to customers.
• Provide security review and approval for changes to accredited systems, such as installation of new software and opening new ports, and determination of Security Relevant Changes.
• Provide security review of network firewall changes.
• Provide security approval for devices being brought into Sponsor Buildings.
• Provide feedback for Sponsor computer incident team to resolve cyber incidents.
• Provide input to improve group processes by recording lessons learned, creating standard operating procedures.
• Ensure all products and administrative documentation is completed and maintained in order to ensure continuity and historical reference.
• Ensure deliverables meet all relevant quality and security standards.
• Maintain the Rapid 7, AppDetective, and WebInspect scanning software, keeping them patched and accessible to AMO systems to meet the scanning requirements.
Qualifications:
• A degree (or equivalent experience) in Computer Science, Information Systems, Engineering, Business, or a scientific or technical discipline.
• The ability to analyze systems, including forensically, for malware, misuse and/or unauthorized activity.
• Knowledge of investigation and analysis of all data sources, which may include Internet, Intelligence Community reporting, security events, firewall logs, forensic hard-drive images, and other data sources to identify malware, misuse, unauthorized activity or other cybersecurity-related concerns.
• Knowledge of computing design concepts and implementation.
• Knowledge of network defense monitoring and systems.
Desired Qualifications:
• Ability to provide technical cybersecurity guidance.
• Ability to convey technical information to non-technical individuals.
• Ability to create complex system designs, resolve engineering problems, and propose preventative strategies.
• Ability to work in a dynamic and challenging environment.
• Demonstrated experience with the Sponsor's Authorization and Accreditation (A&A) process and the Project Management Framework.
• Demonstrated experience with the Sponsor's diverse information technology infrastructure including operating systems, major application systems, and network architecture.
• Demonstrated experience with: encryption technologies; operating systems; database technologies; networking, including the OSI model, and also including TCP/IP, MPLS, SONET, and Ethernet; routing, switching, firewalls, and data protection; cloud computing; information storage; virtual machine technology; cyber risks, exploits, vulnerabilities, and associated mitigations; conducting security reviews and assessments; information technology and a practical understanding of application, system, and network security best practices; information security policies; identifying and managing information security risks in an enterprise environment; and making reasoned, timely, and fact-based decisions, and conveying reasoning to customers and team members.
• Certified Information Systems Security Professional (CISSP).
group id: 10314479
