The Cyber Security InfoSec Engineer position is part of the sponsor's Technical Director office, and has duties that span the sponsor's organization as well as assignments to specific projects within the sponsor's organization. The systems engineer serves as the security product owner in the agile process for one or more services developed and maintained by the sponsor. In this role, the Cyber Security InfoSec Engineer maintains awareness of security requirements and changes in order to advise the development team on security-relevant changes; identifies security-relevant changes at architecture planning meetings; and answers the development team's questions regarding these requirements. Additional duties also include deploying keys (SMKs) for projects at proper intervals.

The Cyber Security InfoSec Engineer works with the development team to identify and define applicable security controls and responses for the project's XACTA instance. The Cyber Security InfoSec Engineer is responsible for reviewing responses, entering responses into XACTA, and updating risks in XACTA. The position also identifies potential controls where the sponsor is a common control provider and assists with drafting common control language to be entered into XACTA.

The Cyber Security InfoSec Engineer performs security maintenance duties for assigned projects. The duties include performing gap analysis of security controls vs. as-built and advising the project team of the gaps with recommended resolution options. Additional duties include maintaining awareness of operational patching and system-level changes of assigned projects, reviewing scans and baselines to ensure proper patch levels, and uploading cyclic scans to the appropriate repositories during the project lifecycle.

The Cyber Security InfoSec Engineer plays a vital role in achieving and maintaining system accreditation. Accreditation duties include providing guidance on the A&A process for assigned projects; providing overviews of timelines and milestones; requesting ATOs, ATDs, and Extensions; requesting, creating, maintaining, updating and closing POA&Ms; working with the various security organizations (Information System Security Manager, CAD, IMO, CIFT) to provide proper Body of Evidence and feedback; and maintaining and uploading security documentation to the proper repositories during the project lifecycle.

The Cyber Security InfoSec Engineer performs regular reviews, such as weekly audit log reviews for violations within Splunk and ELK; spreadsheet reviews of ICAM Privileged Users to ensure least privilege/role separation rules are being followed; reviewing the CRE across all projects; and reviewing the security test results in order to recommend changes to improve the CRE score. The Cyber Security InfoSec Engineer is required to attend meetings and provide updates, such as regular meetings and communication as needed with the Information System Security Manager and the Information System Security Manager staff; provide security updates to the sponsor bi-weekly; and provide internal one-pager reporting to the sponsor.
***** All positions require an Active (TS/SCI) Clearance with a Polygraph to be considered *****
Demonstrated experience with Information Systems architecture and security control design and development.
Demonstrated experience in infrastructure or application-level vulnerability testing and auditing using third party and open source tools while following common security frameworks.
Demonstrated experience with network security systems and protocols such as IPSEC, SSH, and LDAP.
Demonstrated experience in vulnerability assessments/penetration testing, including web applications, networked appliances, enterprise solutions/systems and remote access/support technologies, through the use of industry standard and custom tools/processes.
Demonstrated experience with the following security principles: system, database and network security; ethical hacking; security principles and best practices; security monitoring; data mining and log review.
Demonstrated experience managing vulnerability management solutions and processes, including the management of the remediation of discovered threats.
Demonstrated experience in vulnerability assessments with tools such as NESSUS, NMAP, WebInspect, or AppDetective.
Demonstrated experience with multi-factor security solutions.
Demonstrated experience with operating systems such as Windows Server, Linux, or UNIX.
Demonstrated experience with cloud technologies such as Amazon Web Services.
Certification Requirements: Certified Information Systems Security Professional (CISSP).