Security Engineer

Job Description

The candidate must have prior VA experience and currently have a VA badge

The Cyber Security Engineer will conduct risk reviews on all technical, management and operational controls, to document information security risk to systems, assets, resources and residual risk to the customer based on NIST and Center for Internet Security specifications and customer policy. Duties and responsibilities include but are not limited to:

• Create Security Assessment Review (SAR) reports.
• Perform ATO Independent Verification and Validation (IV&V) workflow review.
• Perform analysis of System Security Plans (SSPs), Security Control Assessment (SCA) test results, Risk Assessments (RAs), Plans of Action and Milestones (POA&Ms), and vulnerability scan results.
• Update Assessment and Authorization (A&A) Standard Operating Procedures (SOPs).
• Provide Information security SME services to review, update and implement Common Control Identifier (CCI) requirements.
• Provide Tier 1 security SME compliance reviews based on RiskVision and eMASS workflow stages.
• Conduct reviews of Personal Card Identification (PCI) station operations plans and assessment results and prepare for onsite PCI reviews.
• Perform Security Impact Analysis (SIA) reviews.

Qualifications

• Experience leading teams performing information assurance and/or risk assessments
• Demonstrated experience performing comprehensive security assessments using the Risk Management Framework (RMF)
• Experience with Cyber Security and privacy rules associated with:

  • Risk Management Framework (NIST SP 800-37 rev 2),
  • Assessing Security and Privacy Controls in Federal Information Systems and Organizations (NIST SP 800-53A rev 4),
  • Guidelines for the Accreditation of Personal Identity Verification Card Issuers (NIST SP 900-79-2)

• Technical background in networking, system engineering, database administration, web applications or software development
• Experience analyzing Information Assurance systems in unclassified and classified environments for compliance
• Experience in planning, analyzing, documenting, and reporting activities associated with the system security accreditation and authorization (A&A) process
• Knowledge of NIST and FISMA policies, regulations, and guidelines
• Experience analyzing Information Assurance systems in unclassified and classified environments for compliance
• Excellent written and verbal communication skills
• Excellent analytical and problem-solving skills as well as interpersonal skills to interact with customers, team members and upper management
• Self-starter that can work under general direction in a highly collaborative, team-based environment
• Ability to obtain and maintain a Public Trust clearance

• Security+ certification
• Experience with applications such as:

  • RiskVision Open GRC
  • eMASS
  • Red Seal

• Knowledge of:o DISA Security Requirements Guides (SRGs)o Security Technical Implementation Guide (STIGs)o Center for Internet Security (CIS) Benchmarks

Previous government contracting experience

Additional Information

Candidate will be temporarily remote due to COVID-19

Job Type: Full-Time

Equal Opportunity/Affirmative Action Employers. All qualified applicants will receive consideration for employment without regard to race, color, religious beliefs, national origin, ancestry, citizenship, sex, gender, sexual orientation, gender identity, marital status, age, physical or mental disability or history of disability, genetic information, status as a protected veteran, disabled veteran, or other protected characteristics as required by federal, state and local laws.