Cybersecurity Design and Engineering Professional - ISSO - Senior
Posted on Jun 14, 2019 by Perspecta
- Provide highly innovative solutions.
- Routinely exercise independent judgment in developing methods, techniques and criteria for achieving objectives.
- Develop strategy and set functional policy and direction.
- Act as a functional manager within area of expertise but do not manage other employees as a primary job function.
- Lead large, cross-division functional teams or projects that affect the organization's long-term goals and objectives.
- Participate in cross-division, multi-function teams.
- Provide mentoring and guidance to lower level employees.
- Lead scope development, design, delivery and maintenance of projects focused on cybersecurity systems architecture, infrastructure and/or engineering in client/company legacy environments and within company solutions.
- Lead the design, development, enhancement and organization of the architecture and infrastructure of the cybersecurity embedded in or overlaid on a client's or company's technology solutions.
- Guide the output of cybersecurity teams on large projects and lead the security requirements definition, documentation, development and deployment processes.
- Combine deep industry expertise with a thorough understanding of information and cybersecurity technology to develop innovative cybersecurity solutions, architectures and infrastructures and influence a client's and/or internal stakeholder's strategic decisions.
- Collaborate with systems architects on a secure solution's strategy, design and development.
- Design and perform cybersecurity solution testing that isolates potential issues prior to development.
- Provide consulting to Agencies on Requests for Service for the design, development, and deployment of Ongoing Assessment, Ongoing Authorization, and other Information Assurance (IA) initiatives.
- Provide continuous monitoring to enforce client security policy and procedures and create processes that will provide increased visibility to system owners on impacts to the security posture of systems.
- Ensure system security measures comply with applicable government policies.
- Monitor configuration management changes and assess the impact of modifications and vulnerabilities for each system.
- Ensure that system security requirements are addressed throughout the project and system lifecycle.
- Ensure effective controls and processes are in place and working effectively to maintain a strong system security posture.
- Perform vulnerability/risk assessment analyses to support Assessment & Authorization (A&A) activities.
- Develop, maintain and facilitate the appropriate closure of POA&Ms and facilitate with the Agency-designated security Point of Contact (PoC)/ISSO any related remediation activities.
- Understand and monitor operations processes, including but not limited to the Incident Response Process and Communications Process, to ensure that they are followed properly at Agencies for applicable CDM solutions and tools; ensure the development, documentation and presentation of IS security education, awareness, and training activities for users and others, as appropriate.
- Provide prompt feedback to CDM Project Management, Engineering and Operations personnel and provide ongoing education on security protocols and procedures.
- 5 years of experience in InfoSec specializing in NIST RMF - DHS-specific experience highly desired.
- Experience with AWS Cloud, Azure Cloud, or Cloud implementations and environments.
- Extensive knowledge and experience with information security standards, policies and practices - NIST SP 800-53 rev4, SP 800-37 rev2, FIPS-199, DHS 4300A.
- Demonstrated experience writing information system security documentation (System Security Plans (SSP), Plans of Action and Milestones (POA&Ms), PTAs, PIAs, CMPs, CPs, and IRPs).
- Experience using vulnerability assessment tools (NESSUS, AppDetective, etc.), analyzing and interpreting assessment results.
- Extensive experience analyzing information technology and system risk in complex environments and articulating results (verbal/reports) to all levels of management.
- Ability to research and address information security issues as required as an authority on the subject.
- Strong understanding of infrastructure technologies and functionalities (e.g., firewalls, Windows/Linux servers, Active Directory (AD), Splunk, Solarwinds, CyberArk, etc.).
- Extensive Cyber and IT security knowledge.
- Strong understanding of Cyber and IT security risks, threats and prevention measures.
- Solid secure system architecture and infrastructure design and development skills.
- Extensive skills in relevant program/scripting languages.
- Understanding of security standards and best practices.
- Good risk assessment and management skills.
- Comprehensive understanding of networking and network security.
- Strong knowledge of relevant security tools and products.
- Project management skills.
- DoD 8570 approved baseline certification(s) (i.e., CISSP, CISM) preferred.
- Experience with DHS Ongoing Authorization Program Framework and use cases preferred.
- Experience with DHS Continuous Diagnostics and Mitigation (CDM) a plus.
- FedRAMP experience a plus.
- A self-starter with the ability to think outside of the box to design effective solutions.
- Excellent verbal and written communication skills required, as this position will interact with senior-level executives.
- Active Secret or Top-Secret clearance desired.
Perspecta is an EOE / Female / Minority / Individual with Disabilities / Protected Veteran Status
If you are looking for challenges in a pleasant and international work environment, we definitely want to hear from you.