Yesterday
Secret
Senior Level Career (10+ yrs experience)
$160,000
No Traveling
IT - Security
Baltimore, MD (On-Site/Office)
Essential Duties & Job Functions:
1. Review DoD systems (e.g., weapons systems, stand-alone systems, control systems, or any other type of systems with digital capabilities) and technologies below the system level to ensure they are designed, developed, and implemented with required security features and safeguards.
   1. Requirements Analysis: Identify the security requirements and constraints of the information system, considering factors such as confidentiality, integrity, availability, and regulatory compliance. Employ best practices when implementing security controls, including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques.
   2. System Design: Incorporate security controls and mechanisms into the system design, ensuring that security is an integral part of the architecture.
   3. Implementation and Integration: Implement security controls and integrate them into the information system, ensuring proper configuration and functionality. Coordinate security-related activities with the information security architect, ISSO, ISO, and common control provider.
   4. Validation and Testing: Conduct comprehensive security testing and validation to ensure that the implemented controls meet specified requirements and effectively mitigate risks.
   5. Operation and Maintenance: Continuously monitor, update, and maintain the security posture of the information system throughout its lifecycle, addressing vulnerabilities and adapting to evolving threats.
2. Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk
3. Ensure that security improvement actions are evaluated, validated, and implemented as required
4. Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s)
5. Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture
6. Identify information technology (IT) security program implications of new technologies or technology upgrades
7. Manage the monitoring of information security data sources to maintain organizational situational awareness
8. Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards to ensure that they provide the intended level of protection
9. Identify security requirements specific to an information technology (IT) system in all phases of the system life cycle
10. Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance
11. Routinely exercise independent judgment and discretion when obtaining and leading confidential advance information of management's position with regard to IT cyber contract negotiations and investments; performing studies that may result in changes of organizational structures or staffing levels requiring labor relation matters.
12. Monitor and audit the schedule, cost, design, analysis, operational performance and/or internal security procedures of national security systems (NSS) and respective classified information, critical infrastructure, mission essential systems (MES), high value assets (HVA) or other USCG information systems.
Mandatory
1. Bachelor’s degree in Computer Science, IT, Engineering, or Mathematics is preferred, but experience may be substituted for degree
2. Recent experience with DHS, DoD, or other government agency in IT to include IA support with 10-15 years’ experience in Information Assurance/Cybersecurity
3. Demonstrated experience with DIACAP and RMF processes
4. Available to get a SECRET Security Clearance
5. U.S. Citizenship
6. Must have Sec+ and CISSP or IAT Level III cert