The Security Engineer utilizes in-depth understanding and experience in current DoD Risk Management Framework, Platform IT (PIT), and the implementation of Cyber Security and IA boundary defense techniques and various IA-enabled appliances to facilitate certification and security engineering tasks in support of the customer’s system security objectives.
Essential Job Functions:
Research and recommend logical and physical solutions that prevent, detect and correct the system to be certified and accredited.
Research and apply DISA Security Technical Implementation Guides (STIGs) and NSA recommendations.
Plan, develop, execute and document results of security test procedures.
Lead Risk Management Framework (RMF) efforts to obtain Authorization to Operate (ATO) or transition legacy DIACAP ATOs to RMF and resolve issues in the event a US Naval warfare system holds an Interim ATO (IATO).
Due to the sensitivity of customer-related requirements, U.S. Citizenship is required.
High school diploma with a minimum of 13 years of experience or a Bachelor's degree plus 5 years.
Active Secret clearance.
Requires five years’ specific experience analyzing and securing DoD or information technology systems for compliance with Cyber Security policies and requirements.
IAT Level II or Level III certification in accordance with DoD 8570.01.
Familiarity with the DISA Enterprise Mission Assurance Support Service (eMASS) application as used to develop, manage and track IA artifacts.
Familiarity with the process and procedures used to derive, document and/or identify system CONOPS for Mission Assurance Categorization per DoDI 8500.2.
Familiarity with analysis and testing of a US Naval Combat System against known vulnerabilities based upon security approaches and known hacker techniques and exploits.
Must be familiar with security control selection, implementation and assessment processes as they relate to preparing and reviewing/monitoring RMF packages.
Familiarity with preparation and execution of an Information Assurance Vulnerability Management (IAVM) Plan.
Understanding of computer security, military system specifications, DoD IA policies and the ability to communicate clearly and succinctly in written and oral presentations.
Must be proficient in the use of the MS Office Suite (MS Word, MS Excel, MS Visio) and other tools to document a system from an IA perspective.
Appointment as a Navy Qualified Validator (Level II) highly desired.
Familiarity with Naval Combat Systems and Platform IT.
Bachelor’s (BS/BA) degree.
Experience researching, assessing and performing continuous monitoring under the RMF process in accordance with DoD 8510.01 and NIST Publication.