Security Engineer Associate
Location
Springfield, VA | United States
Job description
Your Impact:
Duties/Tasks and Responsibilities:
- Bridge the gap between high-level security policies/requirements and technical/operational implementation of those requirements.
- Apply Risk Management Framework (RMF) security controls in accordance with regulatory policies into formal system test plans.
- Serve as the security subject matter expert (SME) and manage the execution of systems security activities for multiple applications.
- Provide guidance to teams on the A&A process, including related security documentation such as systems concept of operations (ConOps), system security design, implementation plans, operational procedures, and maintenance training materials.
- Provide support to development teams for mitigation and management of Plan of Action and Milestones (POA&Ms)
- Conduct assessments of existing IT architecture for compliance with security requirements in accordance with regulatory security frameworks (IAW NIST SP 800-53 Rev. 4)
- Provide engineering support and assistance to authorization/accreditation test and evaluation activities
- Conduct IT Disaster Recovery exercises and maintain all associated documentation
- Management of software in use and updates as required
- Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives
- Conduct and review security scans
- Track and mitigate customer system vulnerabilities
- Participate in IAVA Testing and provide recommendations of baseline acceptance of system patches
- Ensure STIG compliance and mitigation
- Ensure and maintain integration compliance with enterprise services
- Provide continuous monitoring support for information systems
- Assist with running vulnerability scans on various applications and provide recommendations for compliance
- Work closely with leadership, engineers, admins, and developers to efficiently work through the A&A process and Continuous Monitoring.
Here’s What You’ll Need:
Bachelor’s degree plus 2 years of experience, Associate’s degree plus 4 years of experience, or a minimum of 6 years of experience in a related field
Desired Requirements:
- XACTA 360 experience
- Certified Information Systems Security Professional (CISSP), CompTIA CASP, or other IAT II Certification
- Extensive experience with Security Framework regulations, to include: NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF
- Extensive experience with Plan of Action and Milestones (POA&Ms) and knowledge of appropriate corrective action for unacceptable risks
- Experience with a variety of systems (e.g. desktop, cloud, etc.)
- Knowledge of Enterprise Security Best Practices (IAW NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF)
- Applicable software/hardware/management training & certification (e.g., specialties like Amazon Web Services architect/engineering, ServiceNow/Service+)