Information Systems Security Engineer
Imagine One Technology & Management
Imagine One is seeking an Information System Security Engineer (ISSE) to provide full life cycle support for the development, delivery and sustainment of the Assessment and Authorization (A&A) Navy Risk Management Framework (RMF) life cycle, ensuring systems receive and maintain authorization. The ISSE will provide independent assessments, reviews and implementation guidance for Department of Defense (DoD) and Department of the Navy (DON) acquisition, financial and Information Technology (IT) policies, laws and regulations.
The successful candidate will develop authorization packages, including System Categorization Statements, Network Diagrams, Data Flows, Ports, Protocols and Services Management (PPSM), External Connections, System Risk Assessments and System Security Plans, supporting documentation and Memorandum for the Record based on DON “use case” requirements. In addition, the ISSE will evaluate and assess compliance with established Cybersecurity (IA) policies and regulations; collaborate directly with the assigned validator in defining mitigation strategies and evaluating DISA Security Technical Implementation Guides (STIG)/Security Requirements Guides (SRG) and checklists; and engage with government staff, security personnel, NAVSEA stakeholders and development teams to communicate A&A requirements, understand system security and architecture, and document IA posture for DON authorization/reauthorization and continuous authorization lifecycle requirements.
Required Qualifications:
A bachelor's degree in Science, Technology, Engineering, or Mathematics (or equivalent);
Current recognized Cybersecurity certification with continuing education requirements and 2-5 years’ experience.
Minimum compliance with DoD Manual 8570.01M (or equivalent) Cyber Information Technology/Cybersecurity Workforce IAM Level II is required.
Working knowledge and experience in:
Skills and abilities of Senior Level position.
Maintain a high level of attention to detail
Understanding of computer security and DoD Information Assessment & Authorization policies, DoD information security policies, relevant federal and private standards, requirements, Defense Information Systems Agency (DISA), National Institute of Standards (NIST) policies, Committee for National Security Systems (CNSS) policies, DoD/DON Communications Task Orders (CTOs, TASKORDs), and DoD Cybersecurity Vulnerability Messages (IAVMs).
DoD STIGs and SRGs, the DISA STIG Explorer and the use of STIG/SRG Applicability Guide and Collection Tool (SCAP Tool) results. Conversant with how to obtain the latest STIGs/SRGs, how to create STIG/SRG checklists and import SCAP Tool results to STIG/SRG Checklists, assess and document the automated and manual assessment results of SCAP Tool, requirements and how to document the results in the STIG/SRG checklists, draft proposed mitigations for non-compliant results, and develop POA&Ms to resolve the non-compliant results.
Vulnerability analysis of information systems, and identifying, reporting, and resolving non-compliant cybersecurity controls.
Ability to navigate Ports, Protocols and Services and DISA Connection Process Guide (CPG)
Ability to recommend Cybersecurity solutions and controls to support requirements.
Cybersecurity compliance and secure cyber posture with respect to availability, integrity, confidentiality, and authentication.
Assessment and authorization packages.
Development of authorization artifact documentation to include engineering documentation, network drawings, and related documentation as required by authorization standards.
Configuration Management support.
Ability to communicate clearly and succinctly in written and oral presentations.
Technical Writing
Desired Qualifications:
Knowledgeable in areas concerning Navy Risk Management Framework (RMF) lifecycle Information Cybersecurity requirements and Information System Assessment and Authorization (A&A).
Experience with Department of Navy Authorizing Official (NAO) requirements, DON RMF specific templates, requirements, documentation, guidelines and procedures.
Experience with the Rapid Assess and Incorporate for Software Engineering in a Day (RAISED) process.
Familiar with the DoD Information Technology Portfolio Repository-Navy (DITPR-DON)/DON Application and Database Management System (DADMS) and the requirements for their use.
Fully Qualified Navy Validator (FQNV) or Navy Qualified Validator (NQV) certification
Experience with any of the following technologies: Platform Information Technology (PIT), Cloud Computing, Information System Virtualization, etc.
Assured Compliance Assessment Solution (ACAS), DoD Host Based Security System (HBSS) and DON Vulnerability Remediation Asset Manager (VRAM).
Experience with Enterprise Mission Assurance Support Service (eMASS)
Experience with Risk Management Framework (RMF) authorization packages.
Knowledge of cybersecurity implementation of Sarbanes-Oxley, Health Insurance Portability and Accountability Act of 1996 (HIPAA), and/or Clinger-Cohen Act requirements a plus
Security Requirements:
Active Secret clearance is required
U.S. citizenship required
Imagine One offers a full package of benefits and competitive salary: excellent group medical, vision and dental programs; 401K savings plan; $4K annual tuition reimbursement ($5K if pursuing Master’s degree); employee training, development and education programs; profit sharing; advancement opportunities; and much more!
ISO 9001:2015, ISO 20000-1:2018, ISO 27001:2013
CMMI Development Level 3
An Employee-Owned Business