Information System Security Engineer (NMMES)

Location: Norfolk, Virginia
Date Posted: 02-12-2018
Job Title:           Information System Security Engineer (ISSE)
 
Job Code:         
10417762

Job Location:    Norfolk, Virginia

Imagine One is seeking an Information System Security Engineer (ISSE) to provide full life cycle support for the development, delivery and sustainment of the Assessment and Authorization (A&A) Navy Risk Management Framework (RMF) life cycle, ensuring systems receive and maintain authorization. The ISSE will provide independent assessments, reviews and implementation guidance for Department of Defense (DoD) and Department of the Navy (DON) acquisition, financial and Information Technology (IT) policies, laws and regulations.

The successful candidate will develop authorization packages, including System Categorization Statements, Network Diagrams, Data Flows, Ports, Protocols and Services Management (PPSM), External Connections, System Risk Assessments and System Security Plans, supporting documentation and Memorandum for the Record based on DON “use case” requirements.  In addition, the ISSE will evaluate and assess compliance with established Cybersecurity (IA) policies and regulations, collaborate directly with the assigned validator defining mitigation strategies, evaluating DISA Security Technical Implementation Guides (STIG)/Security Requirements Guides (SRG) and checklist, engage with government staff, security personnel and NAVSEA stakeholders, development teams to communicate A&A requirements, understand system security, architecture and document IA posture for DON authorization/reauthorization and continuous authorization lifecycle requirements.

Required Qualifications:
Qualifications and Experience:  A bachelor degree in in Science, Technology, Engineering, or Mathematics (or equivalent); Current recognized Cybersecurity certification with continuing education requirements and 2-5 years’ experience.  Minimum compliance with DoD Manual 8570.01M (or equivalent) Cyber Information Technology/Cybersecurity Workforce IAM Level II is required.
 
Clearance: Secret
 
Working knowledge and experience in:
  • Skills and abilities of Junior Level position.
  • Ability to communicate clearly and succinctly in written and oral presentations.
  • Technical Writing
  • Understanding of computer security and DoD Information Assessment & Authorization policies, DoD information security policies, relevant federal and private standards, requirements, Defense Information Systems Agency (DISA), National Institute of Standards (NIST) policies, Committee for National Security Systems (CNSS) policies, DoD/DON Communications Task Orders (CTO’s, TASKORD’s), and DoD Cybersecurity Vulnerability Messages (IAVM’s).
  • DoD STIGs and SRGs, the DISA STIG Explorer and the use of STIG/SRG Applicability Guide and Collection Tool (SCAP Tool) results.  Conversant with how to obtain the latest STIGs/SRGs, how to create STIG/SRG checklists and import SCAP Tool results to STIG/SRG Checklists, assess and document the automated and manual assessment results of SCAP Tool, requirements and how to document the results in the STIG/SRG checklists, draft proposed mitigations for non-compliant results, and develop POA&Ms to resolve the non-compliant results.
  • Vulnerability analysis of information systems and identify, report, and resolve non-compliant cybersecurity controls.
  • Ability to recommend Cybersecurity solutions and controls to support requirements.
  • Cybersecurity compliance and secure cyber posture with respect to availability, integrity, confidentiality, and authentication.
  • Assessment and authorization packages.
  • Development of authorization artifact documentation to include engineering documentation, network drawings, and related documentation as required by authorization standards.
  • Configuration Management support.


Desired Qualifications:
  • Knowledgeable in areas concerning Navy Risk Management Framework (RMF) lifecycle Information Cybersecurity requirements and Information System Assessment and Authorization (A&A).

Experience with Department of Navy Authorizing Official (NAO) requirements, DON RMF specific templates, requirements, documentation, guidelines and procedures.
  • Familiar with the DoD Information Technology Portfolio Repository-Navy (DITPR-DON)/DON Application and Database Management System (DADMS) and the requirements for their use.
  • Fully Qualified Navy Validator (FQNV) or Navy Qualified Validator (NQV) certification
  • Experience with any of the following technologies: Platform Information Technology (PIT), Cloud Computing, Information System Virtualization, etc.
  • Assured Compliance Assessment Solution (ACAS), DoD Host Base Security System (HBSS) and DON Vulnerability Remediation Asset Manager (VRAM).
  • Experience with Enterprise Mission Assurance Support Service (eMASS).
  • Experience with Risk Management Framework (RMF) authorization packages.
  • Knowledge of cybersecurity implementation of Sarbanes-Oxley, Health Insurance Portability and Accountability Act of 1996 (HIPAA), and/or Clinger-Cohen Act requirements a plus
  
Imagine One offers a full package of benefits and competitive salary, excellent group medical, vision and dental programs. 401K savings plan; $4K annual tuition reimbursement ($5K if pursuing Master’s degree); employee training, development and education programs; profit sharing; advancement opportunities; and much more! Imagine One is an Employee Owned Company!


*Imagine One offers for employment may stipulate that one or more requirements be satisfied before final commitment between candidate and Imagine One is established; namely, award of contract to the Imagine One Team.  Contingent requirements vary and may also include, but not be limited to additional factors (i.e., the position still being available after negotiations with the Government; final approval of your qualifications by the Government; or ability to successfully acquire and/or transfer a DoD security clearance).
 
EEO/AA Employer. Protected Veterans and individuals with disabilities encouraged to apply.

 

 
this job portal is powered by CATS