Gromelski and Associates, Inc.

System Engineer- Cyber Security (Imaging)

US-VA-Manassas
1 week ago
ID
2017-1045
# of Openings
1
Category
Engineering

Overview

Designs, develops, and implements security controls to preserve the confidentiality, integrity and availability of information systems on cutting-edge technology supporting one of the U.S. Navy’s most important projects.  Provides high-level security engineering expertise to develop security documentation packages consistent with federal requirements - specifically the DOD 8500 series, NIST SP 800-53 and ICD 503. Performs Certification and Accreditation (C&A) activities with government authorities and certification agents to obtain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems.

 

 

Responsibilities

Identifies technological and functional risks inherent in system functionality, system exposure, and data sensitivity to determine the required security controls.  Tailors and configures security controls for specific product use, security assessment plan preparation, test procedure preparation, test execution, and reporting.  Provides support as the technical interface with customers, vendors, suppliers, and internal organization for related issues.  Identifies issues and recommends solutions both independently and as part of a team.  Candidate must have an active DoD Secret level security clearance.

Qualifications

Required Skills:

  • Extensive experience assessing and implementing security controls for customer enterprise information systems using the DoD 8500, NIST, and ICD.
  • Experience with TCP/IP and Network domain knowledge.
  • Experience with Linux (particularly Red Hat or RHEL) file systems, kernel design, and device-level driver integration.
  • Familiarity with using Bash/Shell to produce hardening scripts and workable knowledge of using utilities such as SCAP and ACAS to identify system vulnerabilities.
  • Familiarity with DISA STIG and the ability harden applications (e.g., OS, web server, database, etc.) in accordance with the recommended STIG guidance.
  • Ability to effectively communicate with the C&A authorities regarding security requirements and their implementation method.
  • Bachelor’s degree in related discipline - or equivalent professional experience – and three to five years’ professional experience.
  • Proactive/self-starter. Task driven with ability to work independently.
  • Team player that takes ownership and develops relationships that fosters team success.

Highly Desirable Skills:

  • Experience working in an Agile/Sprint release planning environment including depth of understanding of providing impact analysis on testing as Sprint and releases are introduced to the integration environment.
  • Existing certifications (Security+, CEH, Network+) and CISSP certification.

Contract Term: Full-Time Employee, 40 hours/week.

Start Date: Negotiable

Rate: Negotiable

Job Type: Full-time

Gromelski and Associates is a proud Equal Opportunity / Affirmative Action employer. Equal Opportunity Employer/Minority/ Female/Disability/Veteran. All qualified applicants will receive consideration for employment without regard to race, color, national origin, ancestry, citizenship status, protected veteran status, religion, creed, physical or mental disability, medical condition, marital status, sex, sexual orientation, gender identity or expression, age, or any other basis protected by law, ordinance, or regulation.

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed