Seeking a Systems Security Engineer responsible for developing, implementing, and evaluating Information Systems (IS) security programs. The ISSO will assist in establishing and documenting standard security procedures in accordance with the DCID 6/3 (ICD 503), NIST and customer specific requirements. Under minimal supervision, the ISSO will coordinate with customer technical and professional staff on system security compliance. The ISSO will be responsible for the drafting of Security CONOPS, System Security Plans and/or System Security Authorization Agreements to satisfy Certification and Accreditation requirements. Conduct periodic reviews to ensure compliance with established policies and procedures. Ensure all software, hardware and firmware changes recorded as required by established configuration management procedures. Implement vendor-supplied authentication, auditing and other security-relevant features. Ensure implementation of security features and IAVA's for the detection of malicious code, viruses, and intruders (hackers), as appropriate. Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures. Assist in performing IS security briefings to authorized individuals prior to those users gaining access classified information systems. Report all security incidents to the ISSM (and the local Site Security Manager) and will be required to investigate, document and report, as well as provide protective and corrective measures in response to such incidents.
Required Skills • Minimum six years related experience in providing support as an ISSO, Security Engineer/Architect or in the information security arena.
o Functional Analysis to create a Security Concept of Operations (SeCONOP) within the context of C&A o Security Requirements Analysis to create a Security Requirements Traceability Matrix (SRTM) o Test Planning to create test plans and procedures to verify compliance with security requirements • Solid understanding of the NSA/CSS Information System Certification and Accreditation process (NISCAP).
- Demonstrated ability to teach others in matters relating to IT security, specifically those without technical expertise.
- Formal training and hands-on experience with implementation of DCID 6/3 (ICD 503), NIST and or similar government regulations.
- Security and auditing knowledge of Windows and UNIX operating systems and a technical understanding of networking and networking components.
- Experience with development and implementation of security baselines for Windows and UNIX operating systems.
- Ability to work independently and in groups. Strong written and verbal communication skills.
- Experience and comfort with speaking in public.
- Experience in writing system security plans for complex information systems; conducting security reviews and conducting system audits • Demonstrated experience applying systems engineering skills to provide documentation for the C&A process to include:
Desired Skills • Direct NISCAP experience.
- Ability to work independently and be a self-starter as well as be a solid group contributor. Professional IT Security certifications (CISSP, etc) a plus. Solid command of the English language with strong written and oral abilities.
We offer a competitive benefits package to include: paid holidays, paid time off, medical, dental, vision, flexible spending account, long and short term disability and company paid life insurance, 401(k) Employee Stock Purchase Plan, referral bonuses and tuition reimbursement.
We are proud to be an EEO/AA employer M/F/D/V. We maintain a drug-free workplace and perform pre-employment substance abuse testing to include background checks.
L-3 Communications - 3 years ago