Perform Information System Security Engineering (ISSE) activities throughout the system development lifecycle in accordance with NIST SP 800-160, NRO RMF requirements, and applicable cybersecurity directives.
Capture, refine, and document information protection requirements and ensure their integration into system acquisitions, engineering activities, and development efforts.
Integrate security functional requirements into acquisition lifecycle phases, program milestones, engineering documentation, and system development processes.
Assess cybersecurity risks, identify mitigation strategies, evaluate residual risk, and provide risk-based recommendations to stakeholders.
Support Risk Management Framework (RMF) activities, including system categorization, control implementation, assessment support, authorization support, and continuous monitoring activities.
Develop and maintain cybersecurity documentation supporting RMF and Assessment & Authorization (A&A) activities, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), risk assessments, and related artifacts.
Evaluate proposed system changes, technology integrations, and engineering solutions to determine cybersecurity impacts and recommend appropriate security requirements.
Support the design, development, implementation, integration, and sustainment of secure information systems and information assurance architectures.
Analyze system and network architectures to identify security requirements and recommend protections that support confidentiality, integrity, availability, authentication, and non-repudiation.
Recommend security architectures and engineering solutions that align with mission objectives, performance requirements, and cybersecurity best practices.
Conduct technical assessments to identify vulnerabilities, threats, and risks affecting enterprise, cloud, network, and mission systems.
Support vulnerability management activities, including vulnerability analysis, remediation planning, risk evaluation, and implementation of corrective actions.
Assess and recommend security controls, common controls, and compensating controls to address identified security requirements and risks.
Support the integration and implementation of Cross Domain Solutions (CDS) and coordinate with relevant stakeholders to ensure compliance with organizational processes and authorization requirements.
Apply Information Assurance (IA) and cybersecurity principles in support of enterprise IT systems, communications systems, cloud environments, and mission networks.
Support configuration management activities to maintain the security posture of hardware, software, operating systems, applications, and infrastructure components.
Participate in system testing, integration testing, security validation activities, and engineering reviews to verify security requirements have been properly implemented.
Collaborate with system engineers, program managers, security control assessors, authorizing officials, and other stakeholders to support system authorization and cybersecurity objectives.
Research emerging cybersecurity threats, vulnerabilities, technologies, and countermeasures, and provide recommendations to improve system security and resiliency.
Participate in Integrated Product Teams (IPTs), engineering working groups, cybersecurity reviews, and technical forums to support mission and program objectives.
Support resilient system design and cybersecurity best practices that enable systems to operate through disruption, degradation, or hostile activity.
Requirements
An active TS/SCI with a Counterintelligence polygraph (highly preferred by this client).
Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, Information Systems, Computer Engineering, or a related technical field.
Minimum of three (3) years of experience supporting Information System Security Engineering (ISSE), cybersecurity engineering, information assurance, risk management, or related cybersecurity disciplines.
Current Information Assurance Management (IAM) Level II or equivalent qualifying certification in accordance with contract requirements.
Experience supporting cybersecurity activities throughout the system development lifecycle.
Knowledge of Risk Management Framework (RMF), NIST cybersecurity guidance, and Assessment & Authorization (A&A) processes.
Knowledge of cybersecurity principles, information assurance concepts, systems security engineering methodologies, and secure system design practices.