Are you passionate about solving challenging problems?
Do you thrive being a critical part of an elite team of like-minded people?
How would you like for your next career move to take you to the next level?
If any of this sounds appealing, look no further.
The Senior Security Engineer will support a large Federal Government Agency, assisting them in their migration of legacy systems to the AWS C2S Cloud. You will have the opportunity to work as part of a fast paced team of world-class engineers to modernize our customer’s global network, infrastructure and services by applying your A&A skills. You will have the opportunity to shape, influence and enable Cloud Migration Governance security compliance policies and to streamline the traditional RMF process by stewarding DevOpsSec concepts.
- Support ICITE solution and strategic adherence to all aspects of the Information Assurance (IA) program as stipulated by various USG requirements including (but not limited to): Director of Central Intelligence Directives (DCID), Intelligence Community Directive (ICD) 503 and associated NIST publications.
- Preparation of Assessment and Authorization (A&A) documents and procedures.
- Interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), program personnel, and government security representatives.
- Subject Matter Expert in Assessment and Authorization using Risk Management Framework (RMF) and/or Intelligence Community Directive (ICD) 503, and DISA Security Technical Implementation Guidance (STIGs)
- Successfully performed A&A at DoD and IC organizations on modern IT systems/architectures, coordinating the process between Security Controls Assessors (SCAs) and development teams, managing and contributing to System Security Plans, Security Control Traceability Matrices, User Acceptance Testing, Software/Security Configuration Management, etc.
- Demonstrated experience working with Xacta, and familiarity with associated policies/procedures and workflows
- A track record of increasing professional responsibility, managing A&A activities independently or as part of a team
- A working knowledge of standard security mechanisms for compliance such as public key infrastructure, encryption, network access control lists, whitelisting, blacklisting, identity and access management, etc.
- A working knowledge of security assessment tools that provide Code and Environment Vulnerability Scanning (i.e. ACAS/Nessus, SCAP, SonarQube, Fortify, etc), Dependency Checking (i.e. OWASP Dependency Checker), Unit/Regression Testing and Code Coverage (Selenium, Cucumber, CloudChecker, Emma, SonarQube, etc).
- Possess and maintain the Certified Information Systems Security Professional (CISSP) or comparable certification
- Understanding of classified IT networks, systems, terminology and the Software Development Life Cycle (SDLC)
- Familiarization with Federal Information Processing Standard (FIPS) 199 and 200, and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems‟, Committee on National Security Systems Instructions (CNSSI) 1253, and NIST SP 800-53 Revisions 3 and 4, SP 800-39, SP 800-30 Create and maintain Plan of Action and Milestones (POA&M) to resolve security findings within a defined schedule as needed.
- Review and develop standard operating procedures and work instructions, as well as other deliverables
- Provide briefings on related security topics
- Creates and fosters a collaborative environment
- Must be able to manage multiple priorities and complex tasks in a dynamic work environment
- Ability to build strong working relationships across all levels of the organization internally and with partners externally
- Experience working in an Agile environment
- Experience with modern "cloud" technologies
- Meet the minimum requirements and have a strong work ethic and willingness to learn
- Are team-oriented, and passionate about security controls
- Are confident and willing to tactfully and respectfully communicate with others
- Are willing to gain a solid understanding of all security requirements and work across multiple teams
- Work well in Agile SCRUM environments
- Can work well with a wide variety of customers and personality types
Security Clearance: Top Secret SCI with Polygraph
So, what does Novetta do?
We focus on three core areas: Cyber, Entity, and Multi-Int Analytics. Our products are focused on processing and analyzing vast amounts of data in these core areas. Our services are focused on helping our customers move from complexity to clarity. At Novetta, we bridge the gap between what our customers think they can do and what they aspire to achieve.
Our culture is shaped by a commitment to our Core Values:
- Integrity: We hold ourselves accountable to the highest standards of integrity and ethics.
- Customer Mission Success: Customer mission success drives our daily efforts—we strive always to exceed customer expectations and focus on mission success beyond contractual commitments.
- Employee Focus: We value our employees and demonstrate our commitment to them by providing clear communications, outstanding benefits, career development, and opportunities to work on problems and technical challenges of national significance.
- Innovation: We believe that innovation is critical to our success – that discovering new and more effective ways to achieve customer mission success is what makes us a great company.
GET A REFERRAL BONUS FOR THE GREAT PEOPLE YOU KNOW!
With our amazing referral program, you could be eligible to earn
outstanding rewards for referring qualified new hires to Novetta.
Novetta is an equal opportunity/affirmative action employer.
All qualified applicants will receive consideration for employment without regard to sex,
gender identity, sexual orientation, race, color, religion, national origin, disability,
protected veteran status, age, or any other characteristic protected by law.