Junior Information System Security Engineer
Arlington, VA

Job Description

* Bachelor's degree in communications, computer science, engineering or information assurance
* Three plus (3+) years of experience, or applicable experience in lieu of degree
* Knowledge and experience with DCID 6/3, ICD 503, NIST SP 800-53, and/or other intelligence community standards relating to information security

Preferred Qualifications

* Knowledge and experience with server/client technologies, OSI model and the TCP/IP model
* Experience with security vulnerability assessment tools (e.g., Nessus, WASSP, SECSCAN) and network scanning tools (e.g., Nessus, Nmap)
* Experience with Windows Server 2003/2008, Windows Domains, Active Directory, DNS and GPO's
* Knowledge and experience with the certification and accreditation process.

Security Requirements

An active Top Secret/SCI security clearance and current investigation are required.

SRC, Inc. is seeking an information assurance analyst to work in Arlington, VA. The selected candidate will be part of an integrated information assurance team composed of customer and teammate personnel, and will perform in the capacity of an Information System Security Engineer.

Responsibilities

* Assist the project team with developing and maintaining system security plans (SSP) and related security documentation
* Understand and implement security requirements for systems with protection levels of 1-5, and ensure the successful completion of the certification and accreditation process
* Ensure that information systems securely operate according to the security controls documented in the SSP once systems are approved for the production environment
* Ensure proper operational security by: assist administrators with operational security compliance in accordance with DCID 6/3, ICD 503 and NIST 800-53
* Review system audit logs
* Review administrator actions and adherence to security policies and regulations
* Review account activity for administrators, privileged users and general users
* Respond to security incidents and events Review and approve proposed changes to system baseline configurations
* Enforce standard configuration management practices
* Work closely with the component information system security manager through regular briefings, meetings and discussions in regard to information security