Info Assurance Engineer Sr Stf
Company Name:
Jacobs Technology
Responsibilities:
This position shall perform security controls assessments that are an integral part of the Assessments and Authorizations process. Perform A&A; scanning, comprehensive assessment testing, penetration testing, documentation, reporting and analysis requirements. This includes performing dedicated functions for all customer missions involved with Assessments and Authorizations or compliance with applicable National Intelligence Community or Department of Defense information system security guidance.
Duties may include, but not limited to:
Perform comprehensive security assessments of identified and applied security controls. Provide summaries of initial assessments in Security Assessment Reports (SAR) that address the technical evaluation and results of assessment, identify weaknesses or deficiencies, and recommend corrective actions for risk mitigation.
Perform and assess the degree to which a system is compliant with operating system, network, and application security STIG reviews.
Perform host and network based security control assessments, determine residual security risks, prepare assessment test reports, prepare and assess test plans, and provide formal recommendations in support of authorization.
Perform mobile device and mobile application security reviews and document results of such reviews.
Provide support to OCIO at internal/external meetings, conferences, and technical exchange meetings, and working groups for all activities with regard to information security and risk management.
Provide testing support for evaluations and shall provide specific test plans and testing services tailored to security controls of the systems being tested. The tester will use customer accepted tools and techniques, including but not limited to manual testing, web assessment software, vulnerability scanning, pen testing tools, and in house scripts as approved by the customer. Tests may be conducted either remotely or locally on the systems to ensure compliance and to identify security vulnerabilities, risks, threats and gaps.
Review and analyze the findings that identify security issues on the system. The contractor shall compile results and finding into a final Security Assessment Report, along with assessments and recommendations for remediation. The final report shall provide analysis for the DAO, Information System Security Engineer (ISSE), and PM for compliance with security controls, remediation, and informational purposes. The report shall comprehensively encompass both technical and non-technical findings, assessments, and recommendations.
Conduct testing and scanning via customer''s accepted techniques and scanning tools, including manually (software and hardware) used either remotely or locally on the systems to evaluate compliance and to identify security vulnerabilities, threats, risks, and gaps. The contractor shall review and analyze the findings that identify security issues on the system. The final report shall provide analysis for the DAO and PM for remediation and informational purposes. The report shall comprehensively encompass both technical and non-technical security compliance results.
Review security plans, test the documented systems in accordance with applicable policies and guidelines, and document results of the testing; either recommend authorization approval or not approved for authorization with rationale supporting recommendation.
Assist with providing detailed test plans and conducting security testing of security controls specific to security boundaries, including Cross Domain Solutions (CDS).
Provide on-site and/or remote testing in support of FISMA through manual testing, vulnerability scans and penetration testing at industrial and customer-hosted sites both CONUS and OCONUS. Work will be authorized and coordinated by the Government on a trip by trip basis.
Augment cyber penetration testing activities in the planning, execution, tracking, and reporting of Blue/Red Team Assessments consisting of identifying and exploiting vulnerabilities on customer systems.
Coordinate and conduct Blue Team assessments to identify vulnerabilities and correct weaknesses in customer networks. The Blue Team will work cooperatively with Key Components (KCs) to provide notification and make recommendations to mitigate those vulnerabilities and assist in corrective actions.
Qualifications:
TS/SCI+
CLEARANCE REQUIRED
Required Skills: (Within 6 months)
Certified in accordance with DoD 8570.01, Information Assurance Training, Certification and Workforce Management in either Information Assurance Technical or Information Assurance Management Level III
Required
Experience:
MS degree and thirteen (13) years of direct experience, or Ph.D. degrees and nine (9) years direct experience.
Minimum of 12 years' experience in systems engineering/analysis as applied to the cybersecurity, security testing, information assurance, or related field; candidate must have experience with application of security controls to information systems.
Knowledge, Skills & Abilities
Knowledge and experience in security disciplines including, but not limited to, information systems security, operations security, administrative security, personnel security, physical security and communications security
Knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation
Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption)
Knowledge of network access, identity, and access management (e.g., public key infrastructure PKI )
Knowledge of security system design tools, methods, and techniques
Knowledge of relevant laws, policies, procedures, or governance as they relate to work that may impact critical infrastructure
Knowledge of TCP/IP networking technologies, Windows Active Directory and UNIX account administration, Windows Active Directory and UNIX folder permissions, Patch Management best practices on Operating Systems and applications, known vulnerabilities associated with Windows and UNIX platforms
Knowledge of OSI model and how specific devices and protocols interoperate, including knowledge of protocols, and services for common network traffic
Knowledge of DoD/IC system security control requirements
Knowledge and experience with XACTA
Knowledge of DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and the NGA security controls assessment criteria/procedures
Knowledge of NGA roles, missions, and operational enterprise architecture
Knowledge of roles and procedures of red/blue team activities
Knowledge of industry information security standards and protocols
Knowledge of commercial or military software development methodologies, process, and standards
Knowledge of web services protocols, including Simple object Access Protocol (SOAP), Web Services Description Language (WSDL), and Universal Description, Discovery and Integration (UDDI)
Knowledge of structured content tools and languages, and content management systems
Knowledge of known vulnerabilities from alerts, advisories, and bulletins
Skill in using network analysis tools to identify vulnerabilities
Skill in assessing the robustness of security systems and designs
Skill in designing security controls based on IA principles and tenets
Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
Skill in developing and applying security system access controls
Skill in assessments of industry IT operating system, software database, or hardware
Skill in systems engineering, requirements analysis, system development, software development, or hardware development as applied to the information assurance or cyber security field
Ability to prepare the various types of security related documents
Ability to conduct vulnerability scans and recognize vulnerabilities in security systems
Ability to evaluate the trustworthiness of the supplier and/or product
Ability to evaluate the adequacy of security designs
Ability to establish effective working relationships internally and externally to NGA -
Experience in assessing test results and providing information to organizational seniors
Experience as subject matter expert with demonstrated competency in distinct functional or cross-functional security areas (e.g., information security compliance, risk management, security engineering, IT operations security, cybersecurity).
Experience in providing advanced analysis and observations resulting in actionable recommendations
Physical Requirements:
Most work will be done at a desk or computer.
Work Environment:
General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers.
Equipment and Machines:
General office equipment including PC/laptop, Fax, Copiers, Shredder, Printers, Telephone, and other miscellaneous office equipment.
Attendance:
Attendance is critical at all times. Must be able to work a 40 hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.
Other
Essential Functions:
Must be able to communicate effectively both verbally and in writing
Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others
Must put forward a professional behavior that enhances productivity and promotes teamwork and cooperation
Must be able to interface with individuals at all levels of the organization both verbally and in writing
Must be well-organized with the ability to coordinate and prioritize multiple tasks simultaneously.
Must work well under pressure to meet deadline requirements
Must be willing to travel as needed
Must take and pass a drug test and background check
Requisition Number: 17305
Estimated Salary: $20 to $28 per hour based on qualifications.
Jacobs Technology
Responsibilities:
This position shall perform security controls assessments that are an integral part of the Assessments and Authorizations process. Perform A&A; scanning, comprehensive assessment testing, penetration testing, documentation, reporting and analysis requirements. This includes performing dedicated functions for all customer missions involved with Assessments and Authorizations or compliance with applicable National Intelligence Community or Department of Defense information system security guidance.
Duties may include, but not limited to:
Perform comprehensive security assessments of identified and applied security controls. Provide summaries of initial assessments in Security Assessment Reports (SAR) that address the technical evaluation and results of assessment, identify weaknesses or deficiencies, and recommend corrective actions for risk mitigation.
Perform and assess the degree to which a system is compliant with operating system, network, and application security STIG reviews.
Perform host and network based security control assessments, determine residual security risks, prepare assessment test reports, prepare and assess test plans, and provide formal recommendations in support of authorization.
Perform mobile device and mobile application security reviews and document results of such reviews.
Provide support to OCIO at internal/external meetings, conferences, and technical exchange meetings, and working groups for all activities with regard to information security and risk management.
Provide testing support for evaluations and shall provide specific test plans and testing services tailored to security controls of the systems being tested. The tester will use customer accepted tools and techniques, including but not limited to manual testing, web assessment software, vulnerability scanning, pen testing tools, and in house scripts as approved by the customer. Tests may be conducted either remotely or locally on the systems to ensure compliance and to identify security vulnerabilities, risks, threats and gaps.
Review and analyze the findings that identify security issues on the system. The contractor shall compile results and finding into a final Security Assessment Report, along with assessments and recommendations for remediation. The final report shall provide analysis for the DAO, Information System Security Engineer (ISSE), and PM for compliance with security controls, remediation, and informational purposes. The report shall comprehensively encompass both technical and non-technical findings, assessments, and recommendations.
Conduct testing and scanning via customer''s accepted techniques and scanning tools, including manually (software and hardware) used either remotely or locally on the systems to evaluate compliance and to identify security vulnerabilities, threats, risks, and gaps. The contractor shall review and analyze the findings that identify security issues on the system. The final report shall provide analysis for the DAO and PM for remediation and informational purposes. The report shall comprehensively encompass both technical and non-technical security compliance results.
Review security plans, test the documented systems in accordance with applicable policies and guidelines, and document results of the testing; either recommend authorization approval or not approved for authorization with rationale supporting recommendation.
Assist with providing detailed test plans and conducting security testing of security controls specific to security boundaries, including Cross Domain Solutions (CDS).
Provide on-site and/or remote testing in support of FISMA through manual testing, vulnerability scans and penetration testing at industrial and customer-hosted sites both CONUS and OCONUS. Work will be authorized and coordinated by the Government on a trip by trip basis.
Augment cyber penetration testing activities in the planning, execution, tracking, and reporting of Blue/Red Team Assessments consisting of identifying and exploiting vulnerabilities on customer systems.
Coordinate and conduct Blue Team assessments to identify vulnerabilities and correct weaknesses in customer networks. The Blue Team will work cooperatively with Key Components (KCs) to provide notification and make recommendations to mitigate those vulnerabilities and assist in corrective actions.
Qualifications:
TS/SCI+
CLEARANCE REQUIRED
Required Skills: (Within 6 months)
Certified in accordance with DoD 8570.01, Information Assurance Training, Certification and Workforce Management in either Information Assurance Technical or Information Assurance Management Level III
Required
Experience:
MS degree and thirteen (13) years of direct experience, or Ph.D. degrees and nine (9) years direct experience.
Minimum of 12 years' experience in systems engineering/analysis as applied to the cybersecurity, security testing, information assurance, or related field; candidate must have experience with application of security controls to information systems.
Knowledge, Skills & Abilities
Knowledge and experience in security disciplines including, but not limited to, information systems security, operations security, administrative security, personnel security, physical security and communications security
Knowledge of IA principles and organizational requirements that are relevant to confidentiality, integrity, availability, authentication, and non-repudiation
Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption)
Knowledge of network access, identity, and access management (e.g., public key infrastructure PKI )
Knowledge of security system design tools, methods, and techniques
Knowledge of relevant laws, policies, procedures, or governance as they relate to work that may impact critical infrastructure
Knowledge of TCP/IP networking technologies, Windows Active Directory and UNIX account administration, Windows Active Directory and UNIX folder permissions, Patch Management best practices on Operating Systems and applications, known vulnerabilities associated with Windows and UNIX platforms
Knowledge of OSI model and how specific devices and protocols interoperate, including knowledge of protocols, and services for common network traffic
Knowledge of DoD/IC system security control requirements
Knowledge and experience with XACTA
Knowledge of DCID 6/3, ICD 503, CNSSI 1253, NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and the NGA security controls assessment criteria/procedures
Knowledge of NGA roles, missions, and operational enterprise architecture
Knowledge of roles and procedures of red/blue team activities
Knowledge of industry information security standards and protocols
Knowledge of commercial or military software development methodologies, process, and standards
Knowledge of web services protocols, including Simple object Access Protocol (SOAP), Web Services Description Language (WSDL), and Universal Description, Discovery and Integration (UDDI)
Knowledge of structured content tools and languages, and content management systems
Knowledge of known vulnerabilities from alerts, advisories, and bulletins
Skill in using network analysis tools to identify vulnerabilities
Skill in assessing the robustness of security systems and designs
Skill in designing security controls based on IA principles and tenets
Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
Skill in developing and applying security system access controls
Skill in assessments of industry IT operating system, software database, or hardware
Skill in systems engineering, requirements analysis, system development, software development, or hardware development as applied to the information assurance or cyber security field
Ability to prepare the various types of security related documents
Ability to conduct vulnerability scans and recognize vulnerabilities in security systems
Ability to evaluate the trustworthiness of the supplier and/or product
Ability to evaluate the adequacy of security designs
Ability to establish effective working relationships internally and externally to NGA -
Experience in assessing test results and providing information to organizational seniors
Experience as subject matter expert with demonstrated competency in distinct functional or cross-functional security areas (e.g., information security compliance, risk management, security engineering, IT operations security, cybersecurity).
Experience in providing advanced analysis and observations resulting in actionable recommendations
Physical Requirements:
Most work will be done at a desk or computer.
Work Environment:
General Office environment. The work environment is fast-paced and sometimes involves extreme deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers.
Equipment and Machines:
General office equipment including PC/laptop, Fax, Copiers, Shredder, Printers, Telephone, and other miscellaneous office equipment.
Attendance:
Attendance is critical at all times. Must be able to work a 40 hour workweek, normally Monday through Friday. However, times and days may vary depending on business requirements. Needs to be available to work overtime during critical peaks and be available to meet last minute requests for overtime should the situation occur.
Other
Essential Functions:
Must be able to communicate effectively both verbally and in writing
Grooming and dress must be appropriate for the position and must not impose a safety risk/hazard to the employee or others
Must put forward a professional behavior that enhances productivity and promotes teamwork and cooperation
Must be able to interface with individuals at all levels of the organization both verbally and in writing
Must be well-organized with the ability to coordinate and prioritize multiple tasks simultaneously.
Must work well under pressure to meet deadline requirements
Must be willing to travel as needed
Must take and pass a drug test and background check
Requisition Number: 17305
Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
