Key skills
Secret security clearanceInformation networks securityRisk Management Framework (RMF)Enterprise Mission Assurance Support Service (eMASS)Information assurance toolsHBSSCOMPTIA Security+Splunk EnterpriseSplunk certificationsCollaborative skillsSplunkRisk ManagementChange Management
About this role
Serco Inc. is the Americas division of Serco Group, plc, and they are seeking a Principal Information Security Systems Engineer to support applications on the Defense Information System Agency (DISA) military cloud. The role involves coordinating security efforts, maintaining security controls, and ensuring compliance with security documentation for various cloud applications.
Responsibilities:
- Coordinate Enterprise Mission Assurance Support Service (eMASS) and DoD Risk Management Framework (RMF) efforts
- Monitor and maintain security controls and Plans of Action & Milestones (POA&Ms) for multiple cloud applications
- Maintain vulnerability scans and effect resolution
- Process eMASS workflows for cloud applications
- Maintain Authority to Operate systems
- Develop use cases as required
- Coordinate team security training
- Coordinate with Navy Qualified Validator to resolve control findings
- Coordinate efforts to ensure security documents are up to date
- Provide inputs to weekly and monthly government reports and support emerging government tasking
- Create and maintain information system security documentation, Standard Operating Procedures (SOP), and provide guidance on active POA&Ms in accordance with NIST revisions
- Conduct periodic and continuous monitoring of the system, procedures, and documentation to ensure compliance with the authorization package
- Work within the IA team to perform basic system administration and maintain various IA tools, including audit collection and reporting systems, vulnerability management programs, and other continuous monitoring capabilities
- Participate in the change management process, including reviewing change requests and assisting in the assessment of security impact of proposed changes and migrations
- Monitor system recovery processes to ensure security features and functions are properly restored and functioning correctly following an outage
- Coordinate information assurance program controls in accordance with DoD requirements
- Identify deficiencies and provide recommendations for solutions; track findings with POA&M through mitigation and/or risk acceptance
Requirements:
- An active Secret security clearance
- A Bachelor's degree (preferably in telecommunications, computer science, information systems management, electrical engineering, computer engineering or similar field of study)
- 5 plus years' experience with information networks and related security concerns
- 4 years of experience with RMF tools including eMASS
- DoD 8570.1 / DoD 8140.01 (IAT II Level certification)
- Experience using various IA tools in audit collection, audit review, audit management, and end point protection (HBSS, MDE /MDI)
- COMPTIA Security + or higher, Certification highly desired
- Experience with Splunk Enterprise operations is preferred and Splunk certifications are highly desired