Job Title: Information Security Systems Engineer
Job Code: 11161
Job Location: Palm Bay, FL
Job Description: Applies current systems security engineering methods, practices and technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security. Works closely with Government customers to ensure that the security protection needs, concerns and requirements are defined and implemented with appropriate fidelity and rigor, early and in a sustainable manner throughout the system life cycle, in a way that allows for the security authorization of the system of interest. Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products. Uses methods such as encryption technology, vulnerability analysis and security management. Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards under RMF and derivative processes (DOD 8510, JSIG, ICD-503, CNSSI 1253), to achieve security authorization of supported systems. Represents program security needs, concerns and requirements at customer meetings.
Essential Functions:
- Experience in writing and managing RMF body of evidence documents (e.g., System Security Plan (SSP), Security Compliance Traceability Matrix (SCTM), Risk Assessment Report (RAR), Continuous Monitoring (ConMon) Plan, and Security Assessment Plans and Procedures (SAPP)).
- Experience with ICD-503 and DoDI 8510.01 Risk Management Framework Accreditation Process.
- Experience in Static Application Security Testing (SAST) for Application Security and Development STIG compliance.
- Understanding of security control inheritance in terms of IaaS, PaaS, and SaaS relationships.
- Experience in DoD software selection and approval processes for COTS, GOTS, and FOSS.
- Work closely with program and customer management and act as IA liaison across all engineering and security disciplines.
- Perform functional analysis, timeline analysis, detailed trade studies, requirements derivation and allocation, and interface definition studies.
- Contribute to Information Security Engineering activities pertaining to CDRLs, trade studies, security requirements analysis, secure architecture development, management & compliance with security controls, design review milestones, and security test/verification activities.
- Develop security overlays, data flow diagrams, internal requirements, and CONOPs from customer/product requirements.
- Identify security risks, threats, and vulnerabilities of networks, systems, applications, and new technology initiatives.
- Support security engineering activities, including basis of estimate development, requirements development, design, test, configuration management, and maintenance of information systems and data.
- Assist program security in the development of policies and procedures for emerging security technologies.
- Work is 100% on-site and cannot be accomplished remotely.
Qualifications:
- Education:
- Bachelor's Degree and minimum 9 years of prior relevant experience.
- Graduate Degree and a minimum of 7 years of prior related experience.
- In lieu of a degree, minimum of 13 years of prior related experience.
- Top Secret / SCI security clearance required.
- DOD 8570.01 Certification.
Preferred Additional Skills:
- Knowledge of microelectronic packaging.
- Experience vetting commercial microelectronics and lab equipment for silicon wafer production.
- Reviewing and securing commercial hardware in compliance with DCSA.
- Proficiency in Windows and Linux operating systems.
- Content development and administration of SIEM/audit reduction tools (e.g., Splunk).
- Familiarity with DISA STIG Hardening and other Cyber Defense technologies.
- Experience with A&A package processing in eMASS and Xacta.
- Configuration and use of cyber defense and vulnerability assessment tools such as ACAS and SCC.
- Exposure to non-traditional classified environments.
- Strong understanding of engineering processes, concepts, and information security systems engineering principles (NIST SP 800-160 Vol. 1).
- Familiarity with system test and evaluation methods and RMF assessment methodology & process.
- Knowledge of system vulnerabilities and exploitation.
- Providing Information Assurance (IA) technical leadership for development teams across multiple disciplines.
- Ability to effectively communicate in a matrix organization.
- Clear and concise briefing skills for technical projects to non-technical audiences.
- Desired certification: DOD 8570.01M IASAE-3.