Company: SAIC
Location: Springfield, VA
Career Level: Mid-Senior Level
Industries: Technology, Software, IT, Electronics

Description

SAIC is seeking a well-qualified Security Engineer to join an exciting program supporting our customer's Office of Security.  This position is located in Springfield, VA.  

This program is able to quickly adjudicate a polygraph for those with an active TS/SCI clearance.  An active TS/SCI is required to be considered for this role.

This position will be responsible for the following:

  • Develop, update, and/or review Risk Management Framework (RMF) documentation, including Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports.
  • Assess system compliance against National Institute of Standards and Technology (NIST), Department of Defense (DOD), and customer Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).
  • Produce evidence of compliance status against NIST, DOD, and customer security requirements as necessary to meet government requirements.
  • Work with system administrators, engineers, and developers to create or update system/site policies, procedures, and process guides.
  • Coordinate with other SMEs and with internal and external customers to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories.
  • Analyze vulnerability scans of information systems and assist in remediation tasks.
  • Conduct risk and vulnerability assessment of information systems to identify vulnerabilities, risks, and protection needs.
  • Facilitate or participate in meetings with stakeholders to discuss statuses and efforts of SIS systems and report to government on findings.
  • Prepare and submit bi-weekly reports to team leads and government engineering team regarding system/program status.
  • Serve as a Subject Matter Expert (SME) on one or more technologies/skills related to Assessment & Authorization (A&A) activities.
  • Actively facilitate and participate in regular A&A status meetings with government and task order personnel to facilitate progress and address potential issues of RMF system efforts.
  • Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity RMF policies.
  • Maintain industry awareness and knowledge of evolving security and risk management standards, including DOD and customer policies, procedures, and regulations, and communicate and apply relevant changes to existing processes.
  • Ensure proper use of remote access connectivity from the customer to Background Investigations systems approved by the customer's CIO-T office, and maintained in accordance with NGA's policy and procedures.
  • Ensure File Transfer Protocol (FTP) connections from the customer to the Background Investigation system meet NGA and NIST requirements.
  • Ensure site to site Virtual Private Network (VPN) tunnels are established based on NGA and DOD requirements.
  • Ensure customer-approved documentation of all interconnections with systems in the SIS footprint connected to customer infrastructures.
  • Conduct audits on computer systems to detect, prevent, and record computer use and abnormalities. Report to the Information System Security Officer (ISSO) or Information System Security Manager (ISSM) any attempts by non-authorized users to access SIS systems, and provide monthly logs to the customer.
  • Ensure data is being protected in accordance with NGA and DOD policies, standards, regulations, and procedures for the SIS specified systems.
  • Coordinate the use of multiple security countermeasures (e.g., firewalls, access control, auditing) to protect the integrity of the information assets in the SIS systems enterprise, in accordance with accreditation standards using NIST's Intelligence Community Directive (ICD) 503.
  • Develop and update security policy and procedures, and ensure they follow the accreditation standards using NIST's ICD 503, the Risk Management Framework (RMF), and categorizing methods.
  • Ensure the protection of the security system through implementation of security controls that protect against malicious behavior, to include intrusion, tampering, and virus detection.
  • Ensure documentation of specific equipment restrictions, to include documentation on all interconnections required for all SIS systems.
  • Ensure that no personal computers, peripherals, or other agencies' computers not authorized by the customer CIOT are used across interconnections or on customer networks.

Qualifications

Skills and Experience Required:

  • Active TS/SCI is REQUIRED
  • Must be able to obtain a polygraph before starting employment
  • Bachelor's Degree or equivalent experience in a related field to security engineering
  • Minimum of 3-6 years of experience
  • Experience in assessing systems using NIST 800-53 and DISA STIGs and SRG
  • DOD 8070/8140 Compliant, CompTIA Security+ certified
  • Efficient with RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, system/site policies, procedures and processes, and architecture
  • Windows Operating systems
  • AWS Services

Desired:

  • Testing Security Test Cases for NIST 800-53 Security Controls
  • Nessus & DISA STIG Remediation
  • Troubleshooting system issues
  • Linux Operating systems

