Our client was established in 1989 and is headquartered in Virginia Beach, Virginia. For over 25 years they have been providing professional world-wide services to support government initiatives worldwide. Their key service areas include technical documentation, training development and delivery, multimedia support, and technical system support.
They are currently looking for a Cyber Security System Engineer in Manassas, VA.
Designs, develops, and implements security controls to preserve the confidentiality, integrity and availability of information systems. Provides security engineering expertise to develop security documentation packages consistent with federal requirements, specifically the DOD 8500 series, NIST SP 800-53 and ICD 503. Performs certification and accreditation activities with government authorities and certification agents to obtain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems.
• Evaluating requirements, selecting/implementing security controls, reviewing installation procedures.
• Identify technological and functional risks inherent in system functionality, system exposure, and data sensitivity to determine the required security controls.
• Tailoring and configuring security controls for specific product use, security assessment plan preparation, test procedure preparation, test execution and reporting.
• Performing security vulnerability assessments using Assured Compliance Assessment Solution (ACAS), and performing SCAP security assessment/configuration.
• Provides support as the technical interface with customers, vendors, suppliers, and internal organization for related issues. Identify issues and recommend solutions.
• Conducting verification and validation of test procedures and script changes.
REQUIRED SKILLS AND EXPERIENCE
• Extensive experience assessing and implementing security controls for customer enterprise information systems.
• Experience with TCP/IP and Network domain knowledge.
• Experience with Linux file systems, kernel design, and device-level driver integration.
• Familiarity with using Bash/Shell to produce hardening scripts and workable knowledge of using utilities such as SCAP and ACAS to identify system vulnerabilities.
• Familiarity with DISA STIGS and the ability harden applications (e.g., OS, web server, database, etc.) in accordance with the recommended STIG guidance.
• Ability to effectively communicate with the Certification and Accreditation (C&A) authorities regarding security requirements and their implementation method.
• Candidate must have an active DoD Secret clearance.
• Bachelor’s degree in related discipline, or three to five years equivalent professional experience.
• Proactive/self-starter. Task driven with ability to work independently.
• Team player that takes ownership and develops relationships that fosters team success.
DESIRED SKILLS AND EXPERIENCE
• Experience working in an Agile/Sprint release planning environment including depth of understanding of providing impact analysis on testing as Sprint and releases are introduced to the integration environment.
• Existing certifications (e.g., Security+, CEH, Network+, etc) and CISSP certification.
• Understanding of full system exposure and system wide activity – Integration testing across systems usage flow checks how one program integrates/impacts other components of the system.
• Bachelor's degree or equivalent experience
REQUIRED SECURITY CLEARANCE
• Active DoD Secret clearance
Our Client will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.