Information Systems Security Engineer
Systems Planning & Analysis · Redstone Arsenal, AL · 3 wk ago
Information TechnologyFull-time
Responsibilities
- Provide accurate technical evaluations of the equipment, software applications, full systems, or network and documenting the security posture, capabilities, and vulnerabilities against applicable NIST controls.
- Selecting and assessing security controls, timely completion of accreditation packages, formulating and implementing mitigations and maintaining the security posture of systems.
- Must have experience with eMASS and initiating, updating, and maintaining RMF packages.
- Identify, assess, make risk mitigation recommendations, and document system security threats/risks throughout a system’s lifecycle; validate system security requirements; formulate and maintain documentation and system certification and accreditation activities (planning, testing, assessing and coordinating).
- Able to work with system developers to update, maintain, and track RMF and POA&M documentation.
- Documenting preliminary or residual security risks for system operation and manage and approve Authorization Packages.
- Monitoring and evaluating a system's compliance with Department of Defense (DoD) security, resilience, and dependability requirements including performing validation steps, comparing actual results with expected results, and analyzing the differences to identify impacts and risks at the software application, system, and network levels.
- Work with teams to provide solutions and to ensure continued functionality of systems within DoD RMF Framework.
Qualifications
- Associate degree (Engineering, IT or Cyber-related field)
- Meet DoDD 8140 ISSM-Basic certification, education, and experience compliance
- 3+ years of experience with implementing and evaluating DoD STIG requirements, NIST RMF, IAVMs and Cybersecurity assessment tools (ACAS, Nessus, SCC, STIG Viewer)
- Knowledge of the Risk Management Framework (RMF) process and NIST security controls
- Knowledge of information system architecture and standards as they apply to cyber security
- Knowledge of NIST SP 800-160, Systems Security Engineering
- U.S. Citizen
- Must possess and maintain a US Secret security clearance
Desired Qualifications
- Bachelor’s Degree (Engineering, IT or Cyber-related field)
- Top Secret, SCI eligible, security clearance is a plus
- Strong desire to contribute to overall team success
- Excellent written and oral communication skills
- High degree of proficiency in MS Office Suite