Engility is currently seeking a Senior Information Security Engineer who will work directly with the System Engineering Technical Analysis (SETA) Team in defining and implementing security requirements. The candidate, per the customer Risk Management Framework (RMF) Security Authorization Process and National Institute of Standards and Technology (NIST) Special Publication 800-37, will be responsible for ensuring that the appropriate operational security posture is maintained for 2 information systems and will work in close collaboration with the information system owner, information architect, system administrators, and the entire SETA Team. The Senior Security Engineer will also assist the organization with maintaining its current security infrastructure and with defining future system network designs, and will provide functional support for the creation and maintenance of associated security documentation packages.

Primary responsibilities may also include, but are not limited to:

- Maintain security Assessment and Authorization (A&A) on the information systems via Continuous Monitoring.
- Apply security engineering and networking knowledge to weigh in on the security consequences of proposed network, hardware, or software modifications, and develop a path forward to address relevant security changes that is acceptable to both the SETA Team and the Information System Security Manager (ISSM).
- Continuously track changes to the information systems that may affect security controls and reassess control effectiveness.
- Lead and/or contribute to technical meetings related to the security posture of the information system.
- Develop and/or manage a System Security Plan, Security Concept of Operations (CONOPS), user guides, and all security documentation related to the information systems, and maintain them in the customer's system of record.
- Work closely with the ISSM and the SETA Team to manage the authorization support package for customer information systems when the system requires reauthorization.
- Manage all Plans of Actions and Milestones (POA&Ms) on a system if they exist.
- Work with the SETA Team and the System Administrators to resolve any issues as required in the information systems' completed system security results.
- Review system and application audit logs on a weekly basis.
- Work with the System Administrators to regularly assess risk and document remediation of system vulnerabilities.
- Provide ongoing awareness of information security vulnerabilities and threats.
- Maintain a rapport with the ISSMs to keep them abreast of upcoming security-relevant issues pertaining to the information systems.

The Senior Security Engineer should also be familiar with open source or commercial tools used to review system and network audit, compliance and integrity. The candidate should have strong leadership and communication skills and should be comfortable working in a fast-paced environment. The selected candidate will be comfortable communicating with all levels of management (which includes defending security recommendations made) and have strong documentation skills. The candidate will be expected to assist the team with other SATCOM-related projects which are not related to security when time permits.
Typical Duties and Responsibilities:

- Must have a current/active TS/SCI with Polygraph
- Requires a BS Degree and 5-10 years of relevant experience
- Must have knowledge of IT architectural concepts and frameworks
- Knowledge of security principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
- Experience working with IP networking, networking protocols and understanding of security-related technologies including encryption, IPsec, PKI, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists
- Experience working with internet, web, application and network security techniques
- Experience working with relevant operating system security (Windows, Solaris, Linux, etc.)
- Experience working with leading firewall, network scanning and intrusion detection products and authentication technologies
- Experience working with NIST Special Publications and C&A process methodology

Required Qualifications:

- Possess a CISSP, Security+, and/or CASP certification
- Experience working in a SATCOM environment

Department: Engineering