Systems Security Architect w/polygraph
Herndon, VA

Job Description

Job Description

Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction

The Pivotal Cloud Foundry (PCF) Information System Security Engineer (ISSE) is a security engineer possessing deep technical skills with cutting edge technologies to enable PWS to remain authorized and supporting its mission to run meaningful production mission application workloads across the intelligence community. The ISSE will work in a strategic customer environment and deal with security issues involved with the day-to-day tasks of running the Pivotal Cloud Foundry managed Platform as a service (PaaS) on Amazon C2S. This service is referred to as Pivotal Web Services (PWS). The ISSE supports the PCF Operators ensuring the PWS platform is operated in a secure manner and retains its authorized status. Duties include managing patches and upgrades within the customer POAM and RMF processes, recommending security improvements to PCF developers, supervising patching and upgrades to the platform, software runtime versions and deploying language build packs in accordance with customer security policy and operational requirements. The PCF ISSE acts as the frontline security technical representative for the program, interacts and takes direction from the assigned Information System Security Manager (ISSM).

Education

Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.

Qualifications

Desired Skills:

* 5+ years Expertise in security engineering
* Strong familiarity with the NIST and customer Risk Management Framework (RMF), including CNSSI 1253, ICD-503, NIST SP800-53 versions 3 thru 5, NIST SP800-137, ICS 500-27 (IC Enterprise Audit) and fundamentals of continuous monitoring
* Working understanding of the customer's vulnerability management program
* Strong understanding of the Center for Internet Security (CIS) security benchmarks, DISA Security Technical Implementation Guides (STIGs), and security hardening.
* Strong understanding of vulnerability management, Tenable Nessus, and vulnerability remediation processes
* Familiarity with ICD503 and NIST 800-53A security testing and demonstration of control compliance
* Familiarity with any of AWS CloudFormation, OpenStack Heat, Azure Resource Templates, or Google Deployment to automate deployment of cloud resources
* Exposure to cloud APIs such as Fog, Boto, libcloud or similar
* Exposure to automating tasks using a script or interpreted language such as bash, PowerShell, Perl, Python, or Java, and automation frameworks like Terraform, Vagrant, and Packer. Familiarity with Object Oriented Design Methodology, design, implementation, and administration, (J2EE, JSON, HTML, and XML).
* Experience with programming languages/frameworks including Java and JavaScript.
* Experience using configuration management tools like Puppet, Chef, Ansible, BOSH, etc.
* A clear understanding of container technologies such as Kubernetes, associated tools & challenges using them to support cloud workloads
* Familiarity with Amazon Web Services (AWS/C2S), Infrastructure as a Service (IaaS)
* Familiarity with Platform as a Service (PaaS) environments such as Cloud Foundry, Heroku, Elastic Beanstalk or similar
* Understanding of concepts of with configuration management scripting.
* Familiarity with source control management systems such as Git, Mercurial, Subversion, or Git/GitHub
* Experience with distributed systems and web architectures.
* Familiarity with the concepts of Continuous Integration and Continuous Deployment (CI/CD).
* General understanding of Site Reliability Engineering (SRE) concepts

Recommended Technical Skill Sets:

* Experience with DISA STIG Viewer
* Experience with Xacta360 or previous versions
* Experience defining and deploying security monitoring, metrics, and logging solutions/strategies across applications, systems and services where applicable
* Exposure to implementing systems that are highly available, scalable, and self-healing on premise, and on the AWS platform
* Working knowledge of firewalls and networking experience is a plus
* Experience providing managed services in an IaaS, PaaS, SaaS Public Cloud environment

For more than 50 years, General Dynamics Information Technology has served as a trusted provider of information technology, systems engineering, training and professional services to customers across federal, state, and local governments, and in the commercial sector. Over 40,000 GDIT professionals deliver enterprise solutions, manage mission-critical IT programs and provide mission support services worldwide. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.