Description: Excelity is seeking an Information Assurance/Secuirty Engineer for a project responsible for building the next generation Mission Information Systems for an exciting Government customer with a very critical mission. The candidate will work with the engineering team and customer to ensure successful development of high profile, complex, technical deliverables that are core to the continued success of our award-winning projects.
As an Information Assurance/Secuirty Engineer you will be expected to:
- Design and implement safety measures and controls. Monitor network activity to identify vulnerable points. Address privacy breaches and malware threats.
- Support the Assessment and Authorization (A&A) processes and Information Assurance documentation for multiple analytic and mission systems across all CLINs
- Generate and maintain the complete security Body of Evidence (BoE) while leading the A&A activities according to the Risk Management Framework (RMF) processes (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.) for all multiple information systems
- Author, complete and maintain the System Security Plan (SSP) within XACTA
- Develop the Security Controls Traceability Matrices (SCTM), and the Security Test Plan (STP) procedures within Xacta.
- Analyze existing security systems and make recommendations for changes or improvements
- Prepare reports and action plans in the event that a security breach does occur
- Monitor the network and provide early warning of abnormalities or problems
- Communicate the system status and keep users informed of downtime or changes to the system
- Provide system updates and write code fixes
- Experience working with software developers and architects to understand security requirements
- Experience guiding the application developers on security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements
- Experience creating and managing the plan of action and milestones (POA&Ms), and working with project managers and engineers to develop schedules and engineering actions that mitigate open findings
- Experience supporting the Continuous Monitoring of operational systems; experience monitoring and auditing operational systems for proper use
- Log Review/Analysis using SIEM tools (Splunk, etc.)
- Vulnerability Analysis and Review
- DISA STIGs and STIG Viewer experience
- 5+ years supporting Assessment and Authorization (A&A) and information assurance processes and documentation using RMF, BS degree; 3 years of experience with a masters; an additional 4 years of experience required in lieu of a degree (will consider at higher or lower level with the appropriate years of experience)
- Knowledge of current security risks and protocols
- Willingness to work on-call in the event of a security breech or other emergency
- Good analytic and problem solving skills
- DoD Approved 8570 Baseline Certifications (eg, Security+) certifications
- RMF, Xacta experience
- Bachelor’s degree in an IT-related discipline.
- 5-7 years experience designing, implementing (including installation), managing and operation of Network Appliance systems (i.e., Internet, Net Caching, L-DAP Radius Servers, and Web Proxies).
- Experience with global, multi-vendor hybrid network environments.
- Experience working with AWS/Google cloud-hosted information systems or applications
- Experience working with Redhat or CentOS Linux operating systems
- Experience working in a DevSecOps environment and tool chain
- TS/SCI with CI Polygraph