Northern VA
Posted 3 years ago
| Establishes and satisfies complex system-wide information security requirements based upon the analysis of user, policy, regulatory, and resource demands. Supports customers at the highest levels in the development and implementation of doctrine and policies. Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures |
Job Features
| Job Category | Engineer |
| Location | Northern VA |
| Education | Bachelor’s Degree in Computer Science, Engineering, Business, or related field of studies and/or greater than four (4) years equivalent experience. |
| Responsibilities | • Use industry best practices in cyber security and security engineering related to vulnerability management, intrusion. Assist with development and maintain Operational Level Agreements (OLAs) and end-to- end Standard Operating Procedures (SOPs) to identify collaborative responsibilities and support process interaction with other Government and contractor IT groups. • Develop and maintain a detailed policy matrix mapping Federal, and local policies to the required security controls as identified by National Institute of Standards and Technology (NIST) SP800-53. Documents include but are not limited to: Standard Operating Procedures (SOPs) Agency Training (e.g., cyber awareness, computer incidents, malicious codes, etc). • Advise system owners on all matters, technical and otherwise, involving the security of assigned IT systems. • Perform continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect for meeting the cyber security requirements for assigned IT systems. • Work with technical teams to mitigate security control deficiencies for assigned IT systems. Assess the cyber security impact of changes to assigned IT systems. • Conduct self-assessments of security controls, identify weaknesses and track remediation activities in Plan of Action and Milestones (POA&M). • Conduct technical vulnerability assessments and prioritize and track remediation efforts. |
| Knowledge & Skills | • Minimum of 8 years of experience in Cyber Security. • Minimum 4 years’ experience as an ISSE. • Working knowledge of current NIST Federal Information Processing Standards (FIPS) and Special Publications (SP): SP800-18, SP800-37, SP800-53, SP800-53A, SP800-60, FIPS-199, FIPS-201 and FIPS-140-2, and other policies and applications to enterprise IT security. • Ability to plan, organize, and direct long range studies • Strong interpersonal and communication skills • Hands-on Experience using the Cyber Security Assessment Tools |