Today
Top Secret/SCI
Unspecified
Unspecified
Fairfax, VA (On-Site/Office)•Greenwood Village, CO (On-Site/Office)
Job Description:
Our client is seeking an Information System Security Engineer (ISSE). The role of the ISSE is to bridge the gap between high level security policies/requirements and technical/operational implementation of those requirements. Candidates should have in-depth understanding of the cybersecurity policies and procedures for Government (DoD, Intelligence Community) sectors information systems and sufficient technical knowledge and experience to implement them. The ISSE will work closely and effectively with the Information System Security Manager (ISSM) ISSM, and the Program Manger on all aspects of their development and implementation programs. Candidates should have in-depth understanding of the cybersecurity policies and procedures for Government sector information systems and sufficient technical knowledge and experience to implement them.
The ISSE will provide guidance, standards, and oversight to the program/development teams as they work towards accreditation and then to maintain the accreditation. The candidate will contribute to the team's successful Assessment and Authorization (A&A) process activities (ICD-503 RMF) and related documentation such as security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability and compliance scanning, and/or vulnerability management plans.
The ISSE will be an experienced System Administrator and Cyber Security Expert. The candidate will be supporting a larger team of developers, engineers, and analysts all charged with expanding, operating, and maintaining information systems built upon hundreds of Linux instances on virtual and bare metal hardware. Team responsibilities include Linux system build automation, network architecture and implementation, all facets of cyber security compliance, deployment and management of core subsystems and services such as DNS, FreeIPA, email, Jira, Elastic Stack, VMware, Veeam. The team also maintains a small number of Windows systems. The ISSE will assume responsibility for ICD-503 RMF process for these multiple information systems including patching, scans, reports, documentation, coordinating plans of actions and milestones, audit log reviews and other related duties.
The ISSE will help determine and recommend appropriate solutions and implementations to help meet program needs. Candidate must possess the ability to communicate effectively and be flexible, adaptable, and willing to take ownership of projects.
Candidate will have several technical areas of primary responsibility depending on experience and will be expected to cross train and support other areas as needed. Superior attention to detail is required. Must exhibit positive attitude and good customer service skills in sometimes stressful situations, such as during outage troubleshooting and resolution.
Required Skills:
Desired Skills:
Education and Experience:
Our client is seeking an Information System Security Engineer (ISSE). The role of the ISSE is to bridge the gap between high level security policies/requirements and technical/operational implementation of those requirements. Candidates should have in-depth understanding of the cybersecurity policies and procedures for Government (DoD, Intelligence Community) sectors information systems and sufficient technical knowledge and experience to implement them. The ISSE will work closely and effectively with the Information System Security Manager (ISSM) ISSM, and the Program Manger on all aspects of their development and implementation programs. Candidates should have in-depth understanding of the cybersecurity policies and procedures for Government sector information systems and sufficient technical knowledge and experience to implement them.
The ISSE will provide guidance, standards, and oversight to the program/development teams as they work towards accreditation and then to maintain the accreditation. The candidate will contribute to the team's successful Assessment and Authorization (A&A) process activities (ICD-503 RMF) and related documentation such as security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability and compliance scanning, and/or vulnerability management plans.
The ISSE will be an experienced System Administrator and Cyber Security Expert. The candidate will be supporting a larger team of developers, engineers, and analysts all charged with expanding, operating, and maintaining information systems built upon hundreds of Linux instances on virtual and bare metal hardware. Team responsibilities include Linux system build automation, network architecture and implementation, all facets of cyber security compliance, deployment and management of core subsystems and services such as DNS, FreeIPA, email, Jira, Elastic Stack, VMware, Veeam. The team also maintains a small number of Windows systems. The ISSE will assume responsibility for ICD-503 RMF process for these multiple information systems including patching, scans, reports, documentation, coordinating plans of actions and milestones, audit log reviews and other related duties.
The ISSE will help determine and recommend appropriate solutions and implementations to help meet program needs. Candidate must possess the ability to communicate effectively and be flexible, adaptable, and willing to take ownership of projects.
Candidate will have several technical areas of primary responsibility depending on experience and will be expected to cross train and support other areas as needed. Superior attention to detail is required. Must exhibit positive attitude and good customer service skills in sometimes stressful situations, such as during outage troubleshooting and resolution.
Required Skills:
- Information Assurance (IA) and Information Security (InfoSec) experience working with Intelligence Community (IC) customers, which includes developing and reviewing security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability and compliance scanning, and/or vulnerability management plans. Must have significant expertise in ICD-503 C&A process and documentation preparation.
- Security engineering experience; which includes systems engineering principles, configuration management, supply chain, requirements analysis, system development (software and hardware); network security architecture concepts (topology, protocols, components); and/or IT security principles and methods (firewalls, demilitarized zones, encryption).
- Required experience with ICD-503 security frameworks to include C&A process and documentation preparation. Also desired is experience in NIST SP 800-37, CNSS publications, and other Risk Management Framework (RMF) processes.
- Experience providing continuous monitoring support for information systems to include expertise in USG security compliance processes, scan tools and systems (NESSUS, NMAP, Rapid7, WebInspect, AppDetective, Nipper, ICD-503 RMF, SNOW)
- Advanced problem solving skills: able to use prior experience and knowledge to address new situations; especially during interactions with clients.
- Experience providing assistance to A&A test and evaluation activities.
- Demonstrated advanced analytical skills: able to use prior experience and knowledge to seamlessly incorporate new knowledge or information during client interactions.
- Demonstrated ability to work seamlessly with the program and development team to be able to communicate security practices from the development requirements
- Be able to evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives
- Security certification (Security+ or CISSP)
Desired Skills:
- Proficiency with Windows and Red Hat Linux/Unix environments to include Red Hat Certified System Engineer (RHCSE) or equivalent skills. 5+ years' experience as Linux system engineer/admin
- Current or former Cisco Certified Network Associate (CCNA) and CCNA Security or equivalent skills and experience
- Proficient, efficient, and confident in writing and deploying Linux/UNIX scripts for system administration and file management
- Experience with Puppet, Ansible, and/or Foreman
- Experience with SNOW and ServiceNow
- Experience configuring, securing, managing and troubleshooting Linux/Unix systems
- Familiar with source code control tools such as: git, gitlab, cvs, svn
- Experience with log aggregation tools used for audit log purposes from all sources, including Linux and Windows systems, Networking equipment, and applications
- Experience with public key infrastructure (PKI), secure shell (ssh) configuration and troubleshooting, sssd, httpd
- Experience with Amazon Web Services or other cloud technologies
- Experience deploying SAN storage preferably from IBM (GPFS)
- Experience bootstrapping HPE servers, configuring storage, iLO
- Experience deploying enterprise monitoring tools such as Grafana
- Experience with VMware VSAN, vCenter, replication, Veeam backup integration
- Experience with relational database technologies such as Oracle and MySQL
- Advanced writing skills: able to clearly articulate ideas for executive level as well as technical staff consumption
Education and Experience:
- Bachelor's Degree in Computer Science, Information Technology, related field, plus 10 years of experience is desired.
- Must be US Citizen and have an active TS/SCI Clearance with the ability to obtain a CI Polygraphy.
group id: 10290999
