12900 Federal Systems Park Drive Aurora, CO
Information Security Systems Engineer
Program requires TS SCI with poly
This program is going through accreditations and maintaining its A&A processes. The program is in constant monitoring and is seeking someone to join a collaborative team to learn and grow with the program.
Day to Day:
The selected candidate will be part of a team responsible for ensuring information system compliance with government and corporate security policies and procedures. Knowledge of ICD 503 and NIST SP 800-53 is required. The selected candidate will verify information systems meet applicable security controls as part of the Assessment and Authorization (A&A) Risk Management Framework (RMF) process. Responsibilities include preparing security plans and related documentation, verifying the configuration of information systems, supporting formal security testing and preparation, working with auditors and system administrators on security requirements, media handling, file transfers, incident reporting, computer and network contamination, hardware registration and tracking, audit log review and analysis, software research, and conducting briefings. The candidate must have excellent oral and written communication skills and be able to communicate effectively with internal and external customers. Knowledge of Nessus, Xacta, and other security tools is a plus.
Roles and Duties:
- Experience complying with security requirements (specifically ICD-503 RMF).
- System security controls implementation.
- Vulnerability Assessment (testing, assessment, mitigation/justification).
- Necessary skills to design or assist in the design of security controls for Windows and Linux workstation and server operating systems as well as Cisco IOS network operating systems.
- The security engineer will have to work closely with systems administrators, systems and network engineers, and developers to fully understand and account for non-security based software and assets in the infrastructure.
- The security engineer will need to work with the Information System Owner (ISO, Program Office), Program Security Officer (PSO), Information System Security Officer (ISSO), Information System Security Manager (ISSM), Information System Security Engineer (ISSE), and the Security Controls Assessor (SCA), to prepare for assessment of the security posture of the system.
- Serve as information security specialist for an IC program, reviewing all software, hardware, and infrastructure changes on the contract.
- Participate in the Risk Management Framework (RMF) Assessment and Authorization (A&A) efforts, to include POA&M mitigation, the Continuous Monitoring program, and interfacing with government counterparts.
- Review and update information security policy documentation for the contract, ensuring that it aligns with best practices and remains consistent with the current operating environment.
- Other tasks deemed necessary for continuous maintenance and improvement of the contract's security posture.
- Bachelor’s degree in with 5 years of experience or 9 years of relevant experience in lieu of bachelor’s degree. 3 years of relevant experience with a master's degree.
- Experience with information system hardening, security control verification and validation, security documentation development (e.g. SCTM, SSP, POA&M) and continuous monitoring activities.
- Knowledge of Nessus, Xacta, NetWitness, RedSeal and other security tools is a plus.
- Vulnerability scan
- A&A Authorization and Accreditation
Current IAM Level 2 Security Certification (CAP, GSLC, CASP, CISM, CISSP).