Job Details

ID #16986110
State Illinois
City Scott AFB
Job type Permanent
Salary USD TBD TBD
Source Credence Management Solutions
Showed 2021-07-19
Date 2021-07-18
Deadline 2021-09-16
Category Security

Security Engineer, SME

Illinois, Scott AFB, 62225 Scott AFB USA

Vacancy expired!

Overview

Credence Management Solutions, LLC (Credence) is seeking a Security Engineer Subject Matter Expert (SME) to provide Security Engineering support to the U.S. Transportation Command (USTRANSCOM) acquisition activities.

Responsibilities

  • Provide support to ensure PEO-T system(s) are designed, developed, and deployed in accordance with applicable Executive Orders, Federal Policy, DOD regulations, USTRANSCOM requirements, and commercial best practices
    • Participate in Acquisition program Engineering Milestone Reviews, e.g., System Requirements Review, Design Reviews, Test Readiness Reviews, Operational Readiness Reviews, Incident Report Working Group, Change Working Groups, and Configuration Control Boards
    • Coordinate with the Acquisition program development Contractor security/system engineers and USTRANSCOM/DISA Security Office to resolve and address security issues impacting program development
    • Support coordination of overall security strategy with multiple agencies, Designated Approval Authority (DAA) representatives and vendors
  • Ensure that the architecture and design of DoD information systems are functional and secure
    • Provide inputs on the adequacy of security designs and architectures
    • Design and develop IA or IA-enabled products, interface specifications, and approaches to secure the environment
    • Recommend changes to network and security architecture for the purposes of improving security posture and meeting operational performance requirements
    • Assess threats to the environment
    • Support operational security activities e.g., firewall implementation, risk mitigation, host security, encryption, intrusion detection, Virtual Private Network (VPN) implementations, and viral detections
    • Plan and/or review security lockdown and/or hardening of Servers (Windows, UNIX, etc.) and network devices
  • Support program transition from Defense Information Assurance Certification and Accreditation Process (DIACAP) to Risk Management Framework (RMF)
    • Perform technical reviews of development Contractor-produced deliverables for security impact, e.g., Security Plan, DOD Information Assurance RMF, Requirements Specification, Functional Specification, Design Documents, Sustainment Plans, Deployment Plans and Test Plans. Document and deliver comments to the Government within the specified timeframe
    • Perform and assist PEO programs in the transition of existing DIACAP artifacts to the RMF
    • Plan and assist in program artifact analysis and transition to ensure Authority to Operate (ATO)
    • Participate in risk assessment during the certification and accreditation process and Assessment & Authorization (A&A) activities
    • Manage and update existing system security documentation developed to facilitate security authorization IAW RMF procedures
    • Conduct security certification activities as required to maintain current authorization and support follow-on authorizations
    • Assess and transition the security posture of applications based on procedures stemming from RMF-assigned IA controls
  • Perform Fortify scanning and analysis
    • Perform analysis to determine invalid Fortify issues and to classify and categorize valid Fortify issues according to severity, type, and projected remediation path for development and sustainment applications and code, including vulnerabilities that exist in the current software baseline deployed in the Production environment.
    • Identify invalid Fortify Scan issues and remove from further analysis
    • Document the analysis in the Fortify reports, and include Status, Adjudication Method, Comments, Plan of Action and Milestones (POAM), Milestones, and Completion dates
    • Work with developers to remediate or mitigate valid Fortify issues in accordance with the Government-approved schedule
    • Identify software security vulnerabilities and provide a report on the vulnerabilities by severity level
    • Perform source code security scans (as needed; independent of the scans performed by the contract developer), using the Government-approved security tools (Fortify, Nessus)
    • Conduct, participate in, and evaluate security testing activities e.g., security assessments, audits, and penetration testing
    • Evaluate security analysis and assessments provided by contract developers. Analysis and assessment should include system impacts, identify mitigating factors, and develop recommendations to the Government regarding potential courses of action
  • Support security assessment activities to maintain authorization and support re-authorization.
    • Support use of the DoD Enterprise Mission Assurance Support Service (eMASS) system for automated accomplishment of the certification and accreditation process.
    • Assist in the update of eMASS a minimum of once per year and once for each software release and provide supporting IA documentation for upload as artifacts in eMASS.
    • Provide training to junior members of security team

Qualifications

  • Active Secret security clearance.
  • 5 - 10 years' Security Engineering Experience (IA/Cyber Engineering).
  • Ability to work individually, actively participate on integrated teams, or lead a task, project or team
  • Experience with DIACAP and RMF for DoD Information Technology (IT) systems
  • Experience with vulnerability assessment and management; as well as metrics consolidation and reporting (to include the Federal Information Security Management Act (FISMA) requirements)
  • Experience with cybersecurity and IT systems and tools administration and maintenance
  • Understanding of NIST and DoD security policies, directives, and guidelines
  • Experience with Vulnerability scanning software, e.g., Fortify, Nessus
  • Experience with computer network defense (CND) operations, monitoring, and analysis
  • Experience with incident response, tracking, and resolution; cross-domain solutions support; inter-agency coordination; and PKI procedures and guidance
  • Experience using IT security tools (e.g., IDS, IPS) and operating systems (e.g., Windows 7/10, Linux)
  • Must have one of the following Information Assurance Manager (IAM) Level II certifications:
    • CAP
    • CASP+ CE
    • CISM
    • CISSP (or Associate)
    • GSLC
    • CCISO
