
Sr. Security Engineer
Dulles, VA


Job Description

Information Security Engineer

Residency Status: ALL CANDIDATES MUST BE A U.S. CITIZEN

Clearance: Active TS/SCI with the ability to obtain DHS Suitability prior to starting employment

Time Type: Full-Time

Relocation Fees: No

Bonus: Yes

Company Overview:

Novel Applications of Vital Information Inc. (Novel Applications) is a premier technology services company that provides solutions in the areas of Cyber Security, Information Management, and Systems Integration. Novel Applications is a business that combines experience, creativity, flexibility, pragmatism, and cost-effective solutions in order to deliver measurable business value to our clients.

Headquartered in Fredericksburg, Virginia, Novel Applications employs engineers, analysts, IT specialists and other professionals who strive to be the best at everything they do.

Novel Applications is an AA/EEO Employer - Minorities/Women/Veterans/Disabled.

Job Description:

NAVOI is seeking a Security Engineer for a role that includes the analysis and support of federally accredited networks and systems designed to provide network boundary defense from sophisticated threat actors.

The ISE will review system documentation and design to ensure compliance with multiple federal security requirements standards through the application of security controls traceability matrices (SCTMs). You will review and update security documentation such as System Security Plans (SSP), Security Controls Traceability Matrix (SCTM), CONOPS, Risk Assessment Reports, Plan of Action and Milestones (POA&Ms), Interconnection Agreements, Risk Assessment Reports, Contingency Plans, and Security Assessment Reports to meet ICD 503, CNSSI 1253 and NIST SP 800-37 requirements. You will support the change request process by reviewing documentation in collaboration with network security engineers and subject matter experts to provide comprehensive recommendations to the customer. The ISE will conduct vulnerability scans against these systems and review results to document the residual risk associated with findings when evaluated against mitigations. As an ISE, you will also be responsible for working with ISSOs and ISSMs to ensure systems are operated and maintained in accordance with applicable policies, procedures, guidelines, and directives.

Responsibilities:

* Review and update security documentation such as that listed below to meet ICD 503, CNSSI 1253, NIST SP 800-37 and other applicable federal requirements:
  * System Security Plans
  * Security Controls Traceability Matrix (SCTM)
  * CONOPS/SECONOPS
  * Risk Assessment Reports
  * Plan of Action and Milestones (POA&Ms)
  * Interconnection Agreements
  * Risk Assessment Reports
  * Contingency Plans
  * Security Assessment Reports
* Review policies and procedures as required for various security controls identified in the Security Controls Traceability Matrix (SCTM)
* Conduct reviews and validations of system configurations in accordance with applicable guidelines (i.e. customer, DISA STIGs and CIS Benchmarks).
* Conduct vulnerability and compliance scans (i.e. Nessus, SCAP) to determine overall system risk impacts and provide results to the customer and information system owner respectively
* Participate in change review meetings and document approved system changes
* Work with designated ISSOs/ISSMs to ensure systems are operated, maintained and disposed of in accordance with applicable governing policies, procedures, guidelines, and directives.

Required Skills:

* Minimum of eight (8) years of relevant experience
* Demonstrated application of federal information system security requirements as promulgated in FISMA, OMB, NIST SP 800-30, NIST SP 800-37, NIST 800-39, NIST 800-53, NIST 800-53A, NIST SP 800-137, CNSSI 1253, and ICD 503
* Familiar with applying security configurations, checklists or benchmarks such as DISA STIGs, United States Government Configuration Baseline (USGCB), Center for Internet Security (CIS), and the Security Content Automation Protocol (SCAP)
* Experience with vulnerability scanning and assessment tools such as Nessus and Fortify
* Ability to multi-task in a deadline-oriented environment
* Demonstrated ability to work well independently with little input, and as a part of a team
* Excellent work ethic and a high commitment to quality

Education:

* Bachelor's degree in an Information Technology related field and/or applicable equivalent work experience
