
Sr. Information Systems Security Engineer w/ 8 years experience

Annapolis Junction, MD · Information Technology
REQUIRED SKILLS/ABILITIES:
  • TO BE CONSIDERED FOR THIS POSITION YOU MUST HAVE AN ACTIVE TS/SCI W/ FULL SCOPE POLYGRAPH SECURITY CLEARANCE (U.S. CITIZENSHIP REQUIRED)
  • At least eight (8) years integrating information assurance disciplines into system design, development, integration, and implementation;
  • Identifying Information Protection needs and defining System Security Requirements; designing System Security Architecture; developing detailed Security Designs (including system security certifications and project evaluations);
  • Experienced with Defense in Depth principles and technology, including access control, authorization, identification and authentication, public key infrastructure, network, and enterprise security architecture;
  • Developing security plans for employing enterprise-wide security architecture;
  • Assessing and auditing network penetration testing, anti-virus planning assistance, risk analysis, and incident response;
  • Applying security risk assessment methodology to system development, including threat model development, vulnerability assessments, and resulting security risk analysis;
  • Enforcing the design and implementation of trusted relationships among external agency systems and architectures;
  • Experienced with the implementation of cross domain solutions (i.e., an information assurance solution that provides the ability to manually and/or automatically access and/or transfer between two or more differing security domains);
  • Developing security plans for systems that process information with different classifications and categories and that simultaneously permit access by users with different security clearances and deny access to users who lack authorization.

Preferred Qualifications

1. Risk Management Framework (utilizing XACTA)
2. Vulnerability Management (Security Scans)
3. Remediation Actions (Plan of Actions and Milestones (POA&M))
4. Documentation Management
5. Configuration Management
6. Security Control Testing (NIST 800-53/CNSSI 1253)
7. Security Status Reporting:
  • Account Management
  • Software Assurance
  • Event Management (Auditing)
  • Malware Protection (Antivirus)
  • Security Access Enforcement (PRIVAC)
  • Site Visits
  • Security Incident Management
  • Contingency Plan Management
  • Security Relevant changes
8. New/Ongoing Risk Determination and Acceptance
  • Authorization/Reauthorization
9. Information System Removal and Decommissioning

 


 
