DCS is looking for an experienced Cyber Security Information Assurance Engineer to join the team supporting Army Ground Combat Vehicle Systems and Software Integration and Test centers. Provide on-site Information System Security Officer (ISSO) / CyberSecurity Analyst/Engineer support to our Army customer in Warren, MI.
Essential Job Functions:
Compiles, develops, publishes, and maintains artifacts for the organization's DoD CyberSecurity Assessment and Authorization (A&A) Process utilizing the Risk Management Framework (RMF); prepares, develops, publishes, distributes, and maintains policy and plans, training, instructions, and guidance concerning CyberSecurity issues, and the Information Systems Security of IT systems and access to information from such systems.
Assure successful implementation and functionality of security requirements and appropriate IT policies and procedures that are consistent with the organizations mission and goals.
Define and/or implement policies and procedures to ensure protection of critical infrastructure (as appropriate).
Ensure that CyberSecurity requirements are integrated into the continuity planning for that system and/or organization(s).
Ensure that protection and detection capabilities are acquired or developed using the Information System security engineering approach and are consistent with organization-level CyberSecurity architecture.
Perform work that involves ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems, security programs, policies, procedures, and tools.
Participate in the development or modification of the computer environment CyberSecurity program plans and requirements.
Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.
Preparation of Authorization System Documentation for submission to the Approving Authority (AO): Hardware and Software Lists, Hardware and Software diagrams, Plan Of Action and Milestones (POAM), Risk Assessment Report (RAR), Security Technical Information Guides (STIG), Manual and Inherited Security Controls, Firewall modifications for Ports and Protocols, CCB Charter and Documentation, Incident Response Plan, Contingency Plan, and Configuration Management Plan
Maintain thorough understanding of NIST 800-53/800-171 controls, and determine which controls are applicable to the application, as well as document implementation in Security Controls Tractability Matrix (SCTM)
Conducts periodic surveys, audits and inspections to determine compliance with applicable regulations and policies, and reviews and evaluates the security impact of system changes, including interfacing with other automated systems.
Conducts risk/vulnerability assessments and detection/analysis to ensure compliance with customer programs and supports the Information System Security Manager (ISSM) / Information Systems Owner (ISO) in the management of CyberSecurity related program areas, projects, and actions to include, but not limited to DoD Ports, Protocols, and Services Management (PPSM) Registry, Public Key Infrastructure (PKI), Information Assurance Vulnerability Management (IAVM), CyberSecurity Policies, IT security incident handling, and the Anti-Virus (AV) protection program.
The CyberSecurity analyst/engineer is responsible for advising on protective measures that affect file access controls, software, and physical safeguards, vulnerability assessment scans, systems security evaluations and scans, audits, and reviews utilizing Secure Content Automated Protocol (SCAP) toolset and Security Technical Implementation Guides (STIGs).
Due to the sensitivity of customer related requirements, U.S. Citizenship is required.
Knowledge of Risk Management Framework (RMF).
Twelve years of relevant experience with Bachelor’s degree in one of the following but not limited to: Information Technology, Information Assurance, Computer Information Systems, Criminal Justice, or Engineering
Ability to Acquire and maintain security clearance and Single Scope Background Investigation (SSBI).
DOD 8570 IAT Level I certification (SANS Security Essentials, CISSP, Security +).
Experience with the classification process and the handling of classified material.
Excellent oral, written, and interpersonal communication skills and the ablity to liaison with outside agencies
Self-starter with ability to work independently, collaboratively, and customer service oriented
Possess high moral character and integrity.
Ability to travel (10-20%) to customer site(s).
Active Top Secret Clearance
DOD 8570 IAT Level II (SANS Security Essentials, CISSP, Security +), IASO Training, or equivalents
CAP and/or CEH certificates
Engineering development background Systems/Electrical/Computer/software
DOD Policy drafting and documentation
Ability to read network/electrical diagrams
Ability to employ scripting languages when required
Experience with Windows/Linux or similar operating environments
Experience with Network Architecture/Engineering