Thursday, May 22, 2014

Senior Information Systems Security Engineer (Risk Management) VA/DC Area

Essential Functions and Job Responsibilities:
The senior information systems security (ISS) engineer provides operational risk management analysis and support to DoD-managed systems across varying security classifications, architectures, mobile devices, VPNs, and remote access architecture (SSL/TLS). The senior ISS engineer evaluates computer systems and network security risks to determine methods to mitigate and eliminate threats, vulnerabilities, and attacks, and provides support to DoD customers, to include the following:
• Providing Tier 3 computer network defense and oversight of DoD-managed systems for security controls and security guidelines.
• Providing integrated support to DoD stakeholders on managed networks by performing systems security audits on a regular and scheduled basis.
• Documenting all security infractions/instances and analyzing trends for government reporting.
• Reporting any anomalies, unapproved system configurations, incidents, and undesired activity to the appropriate DoD management and support staff for resolution.
• Acting as a liaison for independent audits by external agencies and acting as a central POC for remediation efforts requested by auditors.
• Partnering with internal stakeholders to resolve any audit findings and providing briefings to senior management while tracking POAMs and verifying that findings are corrected.
• Performing vulnerability management and oversight activities for all systems in the Test and Production environments.
• Identifying the findings that require a Plan of Action and Milestones (POAM) for remediation.
• Tracking and monitoring VMS integrity verification and POAMs; escalating to DoD management as necessary to incomplete service requests.
• Monitoring the evolving DoD Risk Management Framework (RMF) guidance and adapting vulnerability management processes and procedures in order to maintain compliance.
• Evaluating proposed changes for security risks for customers’ IT environments and participating in the Enterprise Change Control Board, reviewing Requests for Change (RFC), and performing risk assessments on IT systems, hardware, and software.
• Supporting and overseeing the server Validation and Verification (V&V) activities for all new and modified applications in support of Certification and Accreditation efforts.
• Identifying and evaluating residual risks stemming from the implementation of new systems or changes to existing systems.
• Identifying risk mitigation requirements based on Security Technical Implementation Guides (STIGs).
• Reporting any unapproved configuration changes that increase risk to DoD-managed systems to key stakeholders within one business day of incident.
Minimum Requirements:
• Seven or more years of experience with Information Assurance.
• Four or more years of experience focused on designing, installing, and configuring IT systems and networks in accordance with DoD IA policy (e.g., DoDI 8500.2, CJCSI 6510.01) and STIGs, to include the configuration and use of security products.
• Must hold one of the following certifications: CISA, GCIH, GCED, CISSP, or CASP.
• Must hold one of the following certifications: MCITP, MCSE, MCSA, or GCWN.
• Knowledgeable of DoD security policies, directives, and guidelines (e.g., DoDI 8500.2, CJCSI 6510.01, DISA STIGs).
• Experienced working with the security configurations of network/system architecture design & implementation related to Microsoft Server and Operating Systems, Red Hat Linux Enterprise OS, Unix OS, VMware, Oracle Databases, and border devices (i.e. firewall, VLANs).
• Knowledge of encryption standards, vulnerability scanning, and application code scanning as well as HBSS monitoring.
• Experienced with managing IT security audits, Metrics, and Technical Writing.
• Must hold an in-scope DoD Security clearance at the TS/SCI level.
Additionally Desired Qualifications:
• Master’s degree in information systems, cyber security, or project management.
• Experience supervising and leading others within one’s own profession.

Please send resume to lucy@military-civilian.com with job title and location in the subject line.

Lucy Jensen  Military – Civilian