Job Title: Senior Specialist, Information Security Systems Engineer

Job Code: 11512

Job Location: Chantilly, VA

Job Description:

Applies current systems security engineering methods, practices and technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security. Works closely with Government customers to ensure that the security protection needs, concerns and requirements are defined and implemented with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of system that will allow for the security authorization of the system of interest. Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products. Uses methods such as encryption technology, vulnerability analysis and security management. Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards under RMF and derivative processes (DOD 8510, JSIG, ICD-503, CNSSI 1253), to achieve security authorization of supported systems. Represents program security needs, concerns, and requirements at customer meetings.

Essential Functions:

• Experience in Static Application Security Testing (SAST) for Application Security and Development STIG compliance using tools such as Fortify and Gitlab as part of a DevSecOps Continuous Integration/Continuous Deployment (CI/CD) Pipeline, and generation of summary reports.
• Provide leadership and technical execution support of information security activities associated with the assessment and authorization (A&A) of information systems using NIST Risk Management Framework (RMF) (and derivative) processes.
• Assist program security in the development of, policies and procedures for, secure containerization and devsecops technologies and methods.
• Support security certification and vulnerability assessment activities as required, configuring, and using standard cyber defense and vulnerability assessment tools such as ACAS and SCC.
• Support the evaluation, qualification, testing and delivery of security architecture improvement, obsolescence replacement and vulnerability response projects.
• Support information assurance data collection and continuous monitoring activities for assigned information systems.
• Experience in writing and managing RMF body of evidence documents (e.g., System Security Plan (SSP), Security Compliance Traceability Matrix (SCTM), Risk Assessment Report (RAR), Continuous Monitoring (ConMon) Plan, and Security Assessment Plans and Procedures (SAPP).
• Experience in securing operating systems (Windows, Linux, Cisco IOS, etc.), applications (REST API, GMSEC, etc), and databases (MySQL, Mongo, etc).
• Experience with application of Secure Template Implementation Guides (STIGs).
• Familiarity with Continuous Integration/Continuous Deployment (CI/CD), agile system development, and DevSecOps tools and processes.
• Self-motivation, able to work well independently and within inter-disciplinary engineering teams.
• Strong written and oral communication skills.
• Travel up to 10%.
• Classified work must be performed onsite and unclassified work may be performed remotely as available.

Qualifications: 

• Bachelor’s Degree and minimum 6 years of prior relevant experience. Graduate Degree and a minimum of 4 years of prior related experience. In lieu of a degree, minimum of 10 years of prior related experience.
• Top Secret / SCI security clearance required.
• DOD 8570.01M IAT-3 or IASAE-2 certification.

Preferred Additional Skills:

• Vulnerability and compliance scanning for docker containers.
• Experience in the content development and administration of SEIM/audit reduction tools (e.g., Splunk).
• Strong understanding of engineering processes, concepts and information security systems engineering principles (NIST SP 800-160 Vol1).
• System test and evaluation methods and RMF assessment methodology & process.
• Experience in Cyber Defense technologies.
• Experience with CI/CD, agile system development, and DevSecOps tools and processes.
• Understanding of system vulnerabilities and exploitation.
• Top Secret//SCI w/CI Poly is desirable.