Vacancy expired!
Supporting the Most Exciting and Meaningful Missions in the World
Information System Security Engineer Job Description

JOB DESCRIPTION/POSITION RESPONSIBILITIES:

The Information Systems Security Engineer is responsible for conducting structured security certification and accreditation activities utilizing the Risk Management Framework (RMF) and in compliance with the Federal Information Security Management Act (FISMA) requirements. As a member of the Security Team, the candidate will review technical, management and operational Security Controls in accordance with the National Institute of Standards and Technology (NIST) to ensure the completeness and effectiveness of the IT system's information technology and security solutions.

The Information Systems Security Engineer's responsibilities include but are not limited to:
- Assignment as Information System Security Officer (ISSO) for NASA hosted information systems
- Communicate and enforce security policies, procedures and safeguards for all systems and staff, based upon NASA and NIST
- Ensure all Information Systems (ISs) are operated, maintained, and disposed of in accordance with security policies, best practices and NIST publication series NIST 800-53
- Ensure Configuration Management (CM) for security-relevant IS software, hardware, and firmware is documented and maintained
- Manage ATO artifacts and documentation, and provide updates within the NASA Information Security Management System. Assist with obtaining Authorization to Operate (ATO) for systems
- Ensure that system security requirements are complied with, unless waived, during all phases of the system lifecycles
- Establish audit trails and ensure their review, and make them available, when required, to the Chief Information Security Officer (CISO) or the Information System Security Manager (ISSM)
- Retain audit logs in accordance with NASA policy
- Ensure awareness and precautionary measures are exercised to prevent introduction and/or proliferation of malicious code; manage review and release of media and/or memory components
- Ensure general users and privileged users are trained in the specific knowledge needed for them to safely operate and maintain the ISs to which they have access, including general security awareness and specialized privileged user training
- Develop, implement, and enforce information systems security policies
- Development of other required system plans: Configuration Management Plan (CMP), Contingency Plan (CP), Continuity of Operations (COOP) and Disaster Recovery Plan (DRP) (as required), and Incident Response Plan (IRP)
- Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, A&A packages, and Security Controls Traceability Matrix (SCTM)
- Supports security authorization activities in compliance with RMF
- Assist in the evaluation of security solutions to ensure they meet security requirements for processing classified information
- On occasion, work extended hours (other than normal business hours) to support contractual requirements to meet customer needs