Cybersecurity Lead Job

11/17/16
SAIC (www.saic.com)
Other

/yr

  Full Time   Employee


Mclean
Virginia
United States

Cybersecurity Lead (Job Number:421160)

Description:



JOB DESCRIPTION:

Ensures the rigorous application of cybersecurity policies, principles, and practices in the delivery of all information technology (IT) and cybersecurity services. Develops and designs security solutions to maintain confidentiality, integrity, and availability of information throughout the enterprise. Identifies, plans, and documents improvements to security controls currently in place. Develops and documents recommendations and courses of action (COAs) to solve complex cybersecurity problems. Develops and interprets cybersecurity requirements as part of the IT acquisition development process and assists in the formulation of cybersecurity/IT budgets. Plans and schedules the installation of new or modified security hardware, operating systems, and software applications. Ensures the assessment and implementation of identified computer and network environment fixes such as system patches and fixes associated with specific technical vulnerabilities as part of the Cybersecurity Vulnerability Management program. Guides the implementation of appropriate operational structures and processes to ensure an effective cybersecurity program, including boundary defense, incident detection, and response.

Daily activities include:

- Possesses an in-depth understanding and the ability to apply intermediate concepts of cyber engineering and cybersecurity
- Maintains in- depth knowledge and understanding of the DOD/DHS cybersecurity policies and the Risk Management Framework
- With no guidance, conducts cybersecurity engineering research and analysis, provides recommendations for the implementation of security mechanisms, and provides educational briefings on the recommended cybersecurity mechanism
- Contributes substantive content to the development of cybersecurity documentation, concept papers, and test plans required by Command policies and the Risk Management Framework
- Maintains comprehensive knowledge and understanding of DOD/DHS and/or Intelligence Community (IC) engineering efforts, across multiple engineering disciplines
- With no guidance, evaluates functional operation and performance in light of test results and makes recommendations regarding C&A
- Possesses a thorough understanding and ability to apply intermediate concepts of cyber engineering and cybersecurity
- Maintains thorough knowledge and understanding of the DOD/DHS cybersecurity policies and the Risk Management Framework
- Initiates actions to conduct cybersecurity engineering research and analysis and provides recommendations for the implementation of security mechanisms
- Initiates actions to apply advanced concepts of cyber engineering and cybersecurity to development and architecture projects
- Coordinates effort to develop cybersecurity documentation, concept papers, and test plans required by Command policies and the Risk Management Framework
- Analyzes complex information independently and takes appropriate actions, and reviews and implements recommendations from others
- Maintains extensive knowledge and understanding of DOD/DHS and/or IC engineering efforts, across multiple engineering disciplines
- Develops and delivers articulate and effective briefings/presentations on complex cybersecurity engineering topics as applicable to assigned projects to any size audience that may include high-level decision makers
- Prioritizes competing requirements and tasks, and manages long-term and short-term obligations
- Coordinates effort to develop all cybersecurity documentation, concept papers, and test plans required by Command policies and the Risk Management Framework
- Initiates actions to evaluate functional operation and performance in light of test results and makes recommendations regarding C&A
- Effectively provides engineering guidance to cybersecurity engineers Level I and II

JOB DESCRIPTION:

Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. Applies extensive technical expertise and has full knowledge of other related disciplines. Receives assignments in the form of objectives and establishes goals to meet objectives. Provides guidance to subordinates to achieve goals in accordance with established policies. Work is reviewed and measured based on meeting objectives and schedules. Establishes and recommends changes to policies which affect subordinate organization(s). PROBLEM COMPLEXITY: Develops technical solutions to complex problems which require the regular use of ingenuity and creativity. FREEDOM TO ACT: Work is performed without appreciable direction. Exercises considerable latitude in determining technical objectives of assignment. Completed work is reviewed from a relatively long-term perspective for desired results. Exercises judgment in selecting methods, techniques and evaluation criteria for obtaining results. IMPACT: Guides the succesful completion of major programs. Erroneous decisions or recommendations would typically result in failure to achieve major organizational objectives. LIASON: Represents organization as prime technical contact on contracts and projects. Interacts with senior external personnel on significant technical matters often requiring coordination between organizations.

Qualifications:
REQUIRED SKILLS/EXPERIENCE:

- Minimum 9 years of experience with cybersecurity or information assurance
- Minimum of Bachelor’s Degree in a technical or business discipline from an accredited college or university in Computer Science, Cybersecurity, Computer Engineering, or related discipline
- Minimum DoD 8140 IAM Level II Certification (CAP, GSLC, CISM, CASP CE, CISSP)

SAIC Overview:SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC provides systems engineering and integration offerings for large, complex projects. Headquartered in McLean, Virginia, SAIC has approximately 15,000 employees and annual revenues of about $4.3 billion.

EOE AA M/F/Vet/Disability

Job Posting: Aug 15, 2016, 8:33:27 AM
Primary Location: United States-VA-MCLEAN
Clearance Level Must Currently Possess: Secret
Clearance Level Must Be Able to Obtain: Secret
Potential for Teleworking: No
Travel: None
Shift: Day Job
Schedule: Full-time

To apply for this job, contact:
Jane Ormerod

Save This Job

Email This Job to a Friend