Senior Specialist, Information Security Systems Engineer

About The Position

Requirements

• Bachelor’s Degree and minimum 6 years of prior relevant experience. Graduate Degree and a minimum of 4 years of prior related experience. In lieu of a degree, minimum of 10 years of prior related experience.
• Must possess an active clearance: TS/SCI CI Poly.
• Must be able to obtain and maintain a DOD 8140 certification (or NIST 800-181), appropriate for the position within 6-months of start.
• Work is 100% on-site and cannot be accomplished remotely.

Nice To Haves

• Recent (within 3 years) CI Poly.
• Familiarity with emerging technologies such as cloud computing, containerization, and microservices, and their security implications (e.g. Understanding of security control inheritance in cloud-based systems.)

Responsibilities

• Apply advanced systems security engineering methods, practices, and technologies to the architecture, design, development, evaluation, and integration of secure systems and networks.
• Collaborate closely with Government customers and internal staff to define, implement, and maintain security protection needs, concerns, and requirements throughout the system lifecycle, ensuring security authorization.
• Design, implement, and manage security controls and configurations for both Linux and Windows systems, including system hardening, vulnerability assessments, and penetration testing.
• Prepare and manage Certification and Accreditation documentation using RMF and derivative processes (e.g., DOD 8510, JSIG, ICD-503, CNSSI 1253) to achieve security authorization of supported systems.
• Conduct Static Application Security Testing (SAST) for Application Security and Development STIG compliance, and navigate DoD software selection and approval processes for COTS, GOTS, and FOSS.
• Configure and manage logging for Linux and Windows systems, ensuring relevant security events are captured and forwarded to Splunk servers for analysis and monitoring.
• Monitor and analyze security logs and alerts from Splunk, investigating potential security incidents and taking appropriate actions to mitigate risks.
• Experience with security tools such as IDS/IPS, vulnerability scanners, and endpoint protection solutions.
• Develop, document, and maintain security policies, procedures, and guidelines for system hardening, configuration management, and emerging security technologies.
• Develop and implement incident plans and procedures to ensure that security incidents are responded to promptly and effectively.
• Perform functional analysis, timeline analysis, detailed trade studies, requirements derivation and allocation, and interface definition studies.
• Contribute to Information Security Engineering activities, including CDRLs, trade studies, security requirements analysis, secure architecture development, compliance with security controls, and security test/verification activities.
• Identify security risks, threats, and vulnerabilities of networks, systems, applications, and new technology initiatives, and support security engineering activities such as basis of estimate development, design, test, configuration management, and maintenance of information systems and data.
• Provide technical guidance, coaching, and training to other employees, and be able to act as an IA liaison across all engineering and security disciplines, ensuring integration of security controls into the system development lifecycle.
• Develop and deliver security training and awareness programs that integrate latest security approaches and standards.