Security Engineer Associate

Location

Springfield, VA | United States

Job description

Your Impact:

Duties/Tasks and Responsibilities:

• Bridge the gap between high-level security policies/requirements and technical/operational implementation of those requirements.
• Apply Risk Management Framework (RMF) security controls in accordance with regulatory policies into formal system test plans.
• Serve as the security subject matter expert (SME) and will manage the execution of systems security activities for multiple applications.
• Provide guidance to teams on the A&A Process to include: related security documentation such as systems concept of operations (ConOps), system security design, implementation plans, operational procedures, and maintenance training materials. 
• Provide support to development teams for mitigation and management of Plan of action and Milestones (POA&Ms)
• Conducts assessments of existing IT architecture for compliance with security requirements in accordance with regulatory security frameworks (IAW NIST SP 800-53 Rev. 4)
• Provide engineering support and assistance to authorization/accreditation test and evaluation activities
• Conduct IT Disaster Recovery exercises and maintain all associated documentation
• Management of software in use and updates as required
• Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives
• Conduct and review security scans
• Track and mitigate customer system vulnerabilities
• Participate in IAVA Testing and provide recommendations of baseline acceptance of system patches
• Ensure STIG compliance and mitigation
• Ensure and maintain integration compliance with enterprise services
• Provide continuous monitoring support for information systems
• Assist with running vulnerability scans on various applications and provide recommendations for compliance 
• Ability to work closely with leadership, engineers, admins, and developers to efficiently work through the A&A process and Continuous Monitoring.

Here’s What You’ll Need:

Bachelor’s degree plus 2 years experience, Associates degree plus 4 years experience, or a minimum of 6 years of experience, in a related field

Desired Requirements:

• XACTA 360 experience
• Certified Information Systems Security Professional (CISSP), CompTIA CASP, or other IAT II Certification
• Extensive experience with Security Framework regulations, to include: NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF
• Extensive experience with Plan of Action Milestones (POA&Ms) and knowledge of appropriate corrective action for unacceptable risks
• Experience with a variety of systems (e.g. desktop, cloud, etc.)
• Knowledge of Enterprise Security Best Practices (IAW  NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF)
• Applicable software/ hardware/management training & certification (e.g.; specialties like Amazon Web Service architect/engineering, ServiceNow/Service+)

#divergent #dvscyber

Job tags

Salary