Senior Cyber Engineer
- Military veterans preferred
2022-05-15 SAIC (www.saic.com)
Other
/yr
full-time
employee
Patuxent River Maryland 20670 United States
Description
SAIC is seeking an Informance Assurance Engineer to support the NAVAIR Aviation Logistics Environment LOG-IT project. This project is focused on providing state of the art systems and support the fleet effectively and efficiently. This position includes cyber technical analysis, continuous monitoring and analysis, and technical evaluations in support of current and future proposed applications, systems, and solutions across within PEO (CS) LOG-IT. Work includes conducting detailed technical analysis, technical reviews, developing technical artifacts supporting application and system security categorization; implementing security controls and required mitigation and remediation artifacts; conducting application and system authorization technical requirements according to Navy Risk Management Framework (RMF) policy; and continuously assessing and monitoring application, system, and solution authorization status through the use of both automated and manual technical assessments.
Work will be performed on site in Patuxent River, MD.
This opportunity is contingent upon contract award, anticipated in Summer 2022.
Primary Responsibilities
Conduct Assessment and Authorization (A&A) activities for several high level programs per the DOD RMF (Risk Management Framework) 6-step process (categorizing to continuous monitoring) for system accreditations
Perform manual STIG/SRG checklists, Nessus Assured Compliance Assessment Solution (ACAS) and SCAP Compliance Checker (SCC) assessments to secure software and hardware in order to secure the system and reduce or eliminate security vulnerabilities
Provide support as an ISSE on the CAMEO application
Support the administration of the HBSS deployment in a lab and production environment
Implement the Department of Defense (DoD) Risk Management Framework (RMF) in accordance with DoDI 8510.01 for the analysis, design, development, implementation and security assessments to ensure compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, CNSSI 1253, and DoD RMF Knowledge Service guidance
Expert knowledge of operating systems (Linux, Windows), network protocols and technologies, web services, databases, scripting and firewalls
Provide in depth software architecture, systems engineering, verification and validation
Establish major aspects of the system development life cycle (SDLC) requirements, design, implementation, and test
Review proposed new systems, networks and software designs for potential security risks, recommending mitigations or countermeasures, and resolving integration issues
Provide experience and expertise with security engineering and analysis, architecture and design
Selecting, documenting, and assessing NIST security controls on newly developed systems
Communicate with the ability to interact well in group meeting/working environments
Support enterprise compliance and risk management and endures compliance
Strong communication skills with multiple DoD agencies
Experience writing, managing, and/or adjudicating System Security Plans (SSP) and all associated security controls documentation.
Qualifications
Required:
Must be a US Citizen
Top Secret Clearance
Must be able to pass a background investigation with a favorable adjudication
DODI 8570-1M Cybersecurity Workforce IAT/IAM Level II or III
Minimum of 7-10 years of cybersecurity experience
Bachelor's degree or equivalent in experience
Must be able to work customer site in PAX River, MD
Desired Experience & Skills:
CISSP or equivalent
GIAC Penetration Tester (GPEN)
Minimum of 7 years of experience, preferably with a Bachelor’s Degree in Cybersecurity or Computer Science
Risk Management Framework (RMF) and Assessment and Authorization (A&A)
NIST Special Publications
Navy Qualified Validator (NQV)
DoD Information Assurance Certification and Accreditation Program (DIACAP)
DISA Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
Vulnerator
Enterprise Mission Assurance Support Service (eMASS)
Administration and/or development with:
Microsoft Windows Operating Systems
Red Hat Enterprise Linux (RHEL)
Java
Apache Tomcat
PostgreSQL
Virtualization
Cloud-based technologies
Creation of network architecture and data-flow diagrams
Familiarity with Navy Research, Development, Test, and Evaluation (RDT&E) Environments
Experience at a joint program office or enterprise level
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.