Your browser cookies must be enabled in order to apply for this job. Please contact support@jobscore.com if you need further instruction on how to do that.

Internal Application: Security Systems Engineer (ISSE) #148

Engineering | Alexandria, VA | Full Time

Job Description

*****Security Clearance required: Top Secret/SCI with 

This ISSE role is part of larger team of ISSEs under the contract’s Security Team. The ISSE will be responsible for achieving individual and team objectives for:
•Maintaining the accreditation of the assigned Security Plans to the ICD 503 RMF requirements
•Ensuring that the architecture and design of DoD information systems are functional and secure. 
•Providing security subject matter expertise at all engineering, change, configuration control and other meetings. 
•Participating in risk assessment during the certification and accreditation process. 

Job Details
For all assets maintained and falling under the Leidos contract area of responsibility, the ISSE will conduct the following activities:
•Provide assessment and authorization (A&A) services in accordance with ICD 503 Risk Management Framework.  To include:
oCollection and review of ACAS scans.  Document and recommend mitigation actions
oCollection and review of STIG scans.  Document and recommend mitigation actions
oAddress identified and relevant controls from the IA Requirement Catalog (IRAC)
oPrepare Test Plan to address identified controls
•Use XACTA 360 and the accreditation process flow within.  Know where and when to update.
•Use HBSS to create tags, look up equipment, apply tags and export reports
•Use Tenable Security Center to retrieve reports from the Nessus Manager
•Support A&A compliance with:
oInformation assurance policies standards and guidelines
oSecurity risk assessments
oContinuous monitoring
oContinuity planning
•Develop/maintain security documentation per NGA/IC/DoD/Industry standards and policies
•Coordinate all A&A initiation and renewal activities working with the NGA Designated Authorization Official (DAO or DAOR)
•Perform decommission activities as required for assets and Security Plans.
•Address any Information Assurance or Cybersecurity notices, orders, taskings, or directives as required following the NGA operations vulnerability and patch management process. 
•Attend and participate in weekly vulnerability and risk management meetings
•Ensure that all services, operational systems, devices and applications are compliant and sustain compliance with the most current Defense Information System Agency (DISA) security technical implementation guides (STIGs), Security Requirement Guides (SRGs), Information Assurance Vulnerability Management (IAVM) requirements, USCYBERCOM Operational Orders (OP ORDs) and approved security updates. 
•Perform security audits and assessments – create of Plan of Action and Milestones (POAMs)
•Coordinate with System Administrators and others for the remediation of all vulnerabilities and report results. For any open vulnerability, document, obtain approval and status POAMs
•Update Security CONOPS and Information Technology Disaster Recovery (ITDR) plans for each Security Plan.
•Participate in the development, implementation, and testing of disaster recovery methods and procedures for the ITDR Plan
•In coordination with NGA Government personnel, ensure the appropriate Security CONOPS, ITDR Plan, all Gold Data for FISMA, CCRI, FISCAM, OMB 53/300, and TAM (PS-AM & CMDB) are current, executable and consistent for each SPID
•Conduct technical and administrative STIG/SRG reviews for all CCRI technology areas each quarter
•Assist in the preparation and deliver of monthly and quarterly Assessment and Compliance Status Reports
•Provide ad-hoc reporting to assist the Government in assessing readiness of all applicable UFS systems, applications, and devices in response to short notice/no-notice DISA, CCRI, Computer Network Defense – Service Provider (CND-SP), or other directed inspections/audits
•Support remediation of findings from routine NGA vulnerability scanning, A&A assessments, or inspections with NGA service providers to support USCYBERCOM 21-day remediation requirements. 
•Support rapid patching deployment process and reporting for USCYBERCOM or vendor patches addressing zero-day exploit activities to support a 7-day remediation timeline as directed by the CSOC. 
•Establish plans, procedures and technical measures for UFS design and infrastructure to provide Continuity of Operations Planning (COOP) and off-site backup capabilities in accordance with NGA Directive (NGAD) 3020. 
•Ensure the UFS design and infrastructure meets all COOP and off-site backup requirements in accordance with NGAD 3020
•Coordinate and participate with NGA Operation Center and other identified service providers or contracts for any exercises or executions involving UFS.

Education/certification and experience requirements: 
•Bachelor’s degree and 6+ years of relevant experience; or Master’s degree.
•DoD 8570 certification required; minimum certification is Security+ CE. 
•Understanding of risk management framework for ICD-503 is desired. 
•Experience desired with the following systems/platforms/tools: XACTA; XACTA 360 (preferred); HBSS; ACAS; Nessus.
•NGA experience desired.

•  Ensure that the architecture and design of DoD information systems are functional and secure 

•  Provide security subject matter expertise at all engineering, change, configuration control or equivalent meetings 

•  Assess threats to the environment  

•  Provide inputs on the adequacy of security designs and architectures 

•  Participate in risk assessment during the certification and accreditation process 

•  Ensure that the architecture and design of DoD information systems are functional and secure 


•  As needed, design and develop IA or IA enabled products, interface specifications, and approaches to secure the environment 


Skills & Tasks: 

Exceptionally Complex - researches and evaluates new concepts and processes to improve performance. Analyzes cross-functional problem sets, identifies root causes and resolves issues. Assists more junior level technicians, specialists, and managers in their activities. Can perform all tasks of lower level technicians, specialists, and/or managers.

Individual Work / Teamwork or Leadership / Management: Leadership/ Management - Works individually, actively participates on integrated teams, and leads multiple tasks, projects or teams. Oversees and monitors performance, and when required, takes steps to resolve issues.

Guidance: Directs multiple teams through to project completion. Provides guidance and direction to lower level technicians, specialists, and managers.

Education/Min Years Experience: HS/GED -- 10 years experience, Associates -- 8 years experience, Bachelors -- 6 years experience, Masters -- 4 years experience, PhD -- 2 years experience