Information Systems Security Engineer (S

  • General Dynamics Information Technology
  • Salt Lake City, UT, USA
  • Jul 12, 2021

Job Description

**Type of Requisition:** Regular **Clearance Level Must Be Able to Obtain:** Secret **Public Trust/Other Required:** NACLC (T3) **Job Family:** Information Security GDIT is seeking an **Information Systems Security Engineer** to support a US Air Force program that is playing a major role in strengthening and modernizing America's Strategic Deterrent Force. The position will support a US Air Force program that is playing a major role in strengthening and modernizing America's Strategic Deterrent Force. GDIT will develop and deliver a digital engineering design solution which enables and integrates the program's complete set of data,tools,and model-based systems engineering (MBSE) activities,and makes them available to internal and appropriate external engineering and programmatic stakeholders throughout the program's lifecycle. This effort will culminate in an abstracted,highly transportable environment delivered to the Government,to be instantiated "virtually" on the Government's network infrastructure and updated during the Engineering and Manufacturing Development (EMD) phase of weapon system development. For this effort,GDIT will use cloud-based concepts including IaaS (Infrastructure as a Service); PaaS (Platform as a Service); and SaaS (Software as a service). **DUTIES and RESPONSIBILITIES:** **As the Information Systems Security Engineer (ISSE) some of your duties are but are not limited to the following:** + Perform and review technical security assessments of computing environments to identify points of vulnerability,non-compliance with established information assurance (IA) standards and regulations,and recommend mitigation strategies + Validate and verify system security requirements definitions and analyze and establish system security designs + Manage and maintain a library of security audit tools,and corresponding processes that can be used for system security testing,internal audits,incident response,and diagnosis of security-related system issues. + Provide expert level consultation and technical services on all aspects of Information Security + Perform security research,analysis,and design for cloud computing environments and the network infrastructure + Responsible for the prevention,detection,investigation,and response with respect to security threats and attacks + Facilitate and manage security vulnerability assessments and penetration tests + Plan and oversee configuration changes for security related changes affecting the infrastructure platform + Develop,implement,and document formal security programs and policies throughout the environment and monitors compliance to the established policies and procedures + Lead the technical aspects of internal security audits and investigations + Assess Information Protection Effectiveness by focusing on the effectiveness of the information protection whether the system can provide confidentiality,integrity,availability,authentication,and nonrepudiation for the information it is processing that is required for mission success + Evaluate Commercial off the Shelf (COTS) and Government off the Shelf (GOTS) technologies - systems,applications,and services -against the Activity's INFOSEC and Cybersecurity requirements and needs + Conduct INFOSEC and Cybersecurity assessment testing and reporting in accordance with the RMF and NIST 800 53; identifies deficiencies and documents them as Plans of Actions and Milestones (POA&Ms) and provides recommendations for solutions in line with best practices and security industry standards + Define System Security Requirements by developing the system security context,Security Concept of Operations {CONOPs),and Security Requirements Baselines from the gathered Customer and Stakeholder and DoD requirements **Security Policy Proficiency** : + Manages cloud environment security configurations,alerting and analytics + Collaborates with Business Analysts and stakeholders to respond to NIST 800 RMF controls and understand customer's requirements + Ensures documentation is created and remains updated for RMF compliance and continuous monitoring + Collaborates with admins and developers to ensure teams are meeting system authorization objectives of the environment while maintaining or updating established technical and architectural standards and practices + Stays current with DoD policies and provides recommendations for new or updates to local policies,procedures and standards based on NIST 800-53 standards,organization changes,and best practices. + Provides in a timely manner,a Policy Change Summary Report for the development of new or updated policies,procedures,standards,strategies,network architecture,etc. + Experience with cert management and DNS services + Understanding of cloud automation,cloud configuration management and cloud orchestration,Infrastructure as Code (Jira,Jenkins,Ansible,Kubernetes,etc.) + Experience with cloud containerization and cloud orchestration of web services. + Working knowledge of DevOps-like work or experience in a real time operational role **Vulnerability Management Proficiency:** + Utilize ACAS to scan systems,review scan results,develop various vulnerability reports,prioritize vulnerabilities to remediate or mitigate open findings. + Create customized reports to recommend the best course of action to address newly found vulnerabilities. + Disseminate in a timely manner,system scan results to technical team leads to facilitate system patching,remediation,or mitigations. + Develops and tracks Plans of Actions and Milestones (POA&M) items to resolution in support of IA compliance. + Experience with Secure Configuration/Hardening of DoD Information systems using SCC and applicable DISA STIGs + Experience with SIEM and cloud technologies such as Splunk,ArcSight and Elastic Stack (ELK). **Security Assessment and Authorization Proficiency:** + Conducts RMF compliant Security Assessment and Authorization (A&A) in line with NIST and client guidance and directives for new and existing applications,systems,and programs,including evaluation of organizational policies,procedures,and security measures and provide recommendations to system stakeholders for appropriate mitigation techniques or strategies in support of risk acceptance decisions + Maintain eMASS records and RMF artifacts to support system accreditation + Provide monthly status reports of cybersecurity risk assessment activities + In depth knowledge and experience implementing NIST guidance relating to A&A,including System Security Plans,Security Test & Evaluation Plans,Risk Assessments,Contingency Plans,and Business Impact Analysis,and applying applicable standards and guidance to managed systems + Support Achievement of Authority to Test (ATT) and Authority to Operate (ATO) + Identify security control requirements based on system categorization + Maintain system cybersecurity configuration and compliance + Plan vulnerability scanning scheduling to identify vulnerabilities for both pre-production and production environments + Manage and review security logs and managing required mitigation actions + Provide technical direction and guidance to software developers and systems administrators for security related development and engineering tasks + Formulate and develop security related documentation **Required Qualifications:** + **Must have DoD 8570 IAT III Certification** + AWS deployment experience,including IaaS,PaaS,SaaS deployments + Windows Server and Linux administration experience + Expertise in the areas of vulnerability and risk management + Experience with administering cybersecurity scanning technologies using HBSS and ACAS and SCAP Compliance Checker (SCC) + Experience with Kubernetes,ingress/egress gateways,and network routing + Communication skills required in one on one,team,and senior management settings + The ability to work and set priorities on multiple projects/tasks at once and operate in a dynamic,fast-paced team-oriented environment + Performs in Agile/SCRUM development cycle to deliver solutions that help drive RMF authorization activities + Experience with supporting SSE activities in secure processing environments which must adhere to U.S. Government (USG) Information Assurance and Security standards such as the Defense Information Systems Agency (DISA) Security Requirements Guides (SRGs) and Security Technical Implementation Guides (STIGs) + Shall have 3 or more years of hands-on experiencing using common INFOSEC and Cybersecurity tools in direct support of USG and Department of Defense (DOD) security and compliance efforts such as Tenable Nessus and Security Center,McAfee ePolicy Orchestrator (ePO),DISA's Security Compliance Checker (SCC) and Security Content Automation Protocol (SCAP) content + Support the Activity's IT Change Management process by performing technical reviews of proposed and planned changes from the context of INFOSEC and Cybersecurity to identify risks and threats and support the remediation or mitigation prior to implementation + Current Active Secret Clearance + Strong communication skills + Can work independently of direct supervision + Experience in submitting assessment authorization packages through XACTA 360 and/or eMASS. + Experience performing vulnerability scans **Preferred Qualifications:** + Experience with the NIST Risk Management Framework (RMF) + Experience with migration and operation of systems to an Amazon Web Services (AWS) cloud environment + A professional background in Systems Engineering / Cloud Architecture / Software Development + Experience with Cloud Computing Technologies/Amazon Web Services (AWS) + Experience with Agile Software Development + Experience with Oracle Databases + Experience with RHEL + Experience with Windows + CISSP Certification + AWS Certification **Security Clearance:** + Ability to secure and maintain a SECRET security clearance **Travel:** + Possible travel approximately 20% Note: _Travel to and from a secured environment or program meeting may be needed._ \#informationsecurity #ISSE #opportunityowned #kmp #defense #cjobs #dicepost #gdpost #secretpreferred \#AFOpportunities \#GDITPriority We are GDIT. The people supporting some of the most complex government,defense,and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in,integrate,and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground,beside our clients,in the lab,and everywhere in between. Offering the technology transformations,strategy,and mission services needed to get the job done. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race,color,religion,sex,sexual orientation,gender identity,national origin,disability,or veteran status,or any other protected class.