LOCATION
Chantilly, VA
CLEARANCE
Required: TS/SCI Full Scope Poly Clearance
Description
We are seeking an Information Systems Security Engineer to support one of our mission critical programs. In this position, you will serve as the liaison between Agile development teams, the Information Systems Security Manager, and various mission partners; helping bridge the gap between security requirements/policies and technical implementation. To be successful you must experience completing A&A relevant documentation (concept of operations, system security design, system security plan, implementation plans, operational procedures, training materials, etc.) as well as hands on experience working with teams to help review and address Nessus and AppDetective scan findings in order to obtain a favorable Authority to Operate (ATO).
This position will include a variety of activities, including:
- Working with development teams to perform architectural design, integration, installation, configuration, testing/administration of systems and capabilities to support the scanning, monitoring, and reporting of requirements
- Assisting with the design, development, integration, testing, implementation, development and operations & maintenance (O&M) of tools for automation of security testing in support of existing as well as new Assessment and Authorization (A&A) requirements
- Integrating, installing, configuring, testing, and administering tools and capabilities to implement A&A business processes, workflow, security control mappings and reporting
- Working with security assessors to answer questions, provide justification, and provide required updates in a timely manner
- Developing and implementing security baselines for Linux and Windows operating systems and networking component
- Writing system security plans for existing and new systems
- Assisting with the development of Plan of Action and Milestones (POA&M) that contains appropriate corrective actions for unacceptable risks
- Serving as Subject Matter Expert for A&A process, ensuring teams and management understand each required milestone and tasks necessary to move to the next step
- Implementing a Continuous Monitoring strategy appropriate for systems, leveraging existing tools and incorporating automations where feasible
- Recommending appropriate security measures for all systems to ensure compliance with customer’s security mandates
Education:
Candidate must have one of the following:
- 12 Years of job related experience and High School/GED diploma
- 10 Years of job related experience and Associate’s degree
- 8 Years of job related experience and Bachelor’s degree
- 6 Years of job related experience and Master’s degree
- 4 Years of job related experience and Doctorate
Mandatory Skills:
-
Demonstrated experience providing input into A&A process activities and related documentation
-
Experience working with technical and non-technical personnel to explain technical information
-
Problem solving skills
-
Excellent oral, written, and organization skills
-
Ability to assess existing IT architecture to ensure compliance with current security requirements
-
Ability to evaluate proposed security architecture and designs to ensure compliance with security requirements
-
Ability to collaborate with internal and external mission partners
-
Experience creating security documentation, reviewing scan results, and assisting development teams with responses to Critical and/or High findings
-
Experience tracking and addressing POA&M items
Preferred Skills:
- Experience working on an Agile team
Preferred Certifications:
- Certified Information Systems Security Professional (CISSP)
- Information Systems Security Engineering Professional (ISSEP)
About Us
Restless Software is an equal opportunity employer that provides highly skilled technologists and creative solutions to clients in both the private and public sectors.
