Apply on Employer Site

Centuria · 3 months ago

Information System Security Engineer III

Philadelphia, PA

Full-time

Onsite

Senior Level

7+ years exp

Centuria is a Service-Disabled Veteran-Owned Small Business (SDVOSB) that has been providing IT, Engineering, and Scientific solutions to the Federal Government since 2002. They are seeking an Information System Security Engineer III to assist with developing and maintaining Risk Management Framework (RMF) system security plans, executing security control testing, and ensuring compliance with IT and Cyber Security standards.

Natural ResourcesSupply Chain Management

Diversity & Inclusion

No H1B

Security Clearance Required

Responsibilities

Assist with the developing, maintaining, and tracking Risk Management Framework (RMF) system security plans, which include System Categorization Forms, Platform Information Technology (PIT) Determina Checklists, Assess Only (AO) Determination Checklists, Implementation Plans, System Level Continuous Monitoring (SLCM) Strategies, System Level Policies, Hardware Lists, Software List, System Diagram Privacy Impact Assessments (PIA), and Plans of Action and Milestones (POA&M)

Execute the RMF process in support of obtaining and maintaining Interim Authority to Test (IATT), AO approval, Authorization to Operate (ATO), and Denial of Authorization to Operate (DATO). Identify and tailor IT and Cyber Security (CS) control baselines based on RMF guidelines and categorization of the RMF boundary

Perform Ports, Protocols, and Services Management (PPSM). Perform IT and CS vulnerability-level risk assessments

Execute security control testing as required by a risk assessment or annual security review (ASR). Mitigate and remediate IT and CS system level vulnerabilities for all assets within the boundary per STIG requirements. Develop and maintain Plans of Actions and Milestones (POA&M) in Enterprise Mission Assurance Support Service (eMASS)

Develop and maintain system level IT and CS policies and procedures for respective RMF boundaries in accordance with guidance provided by the command ISSMs. Implement and assess STIG and SRGs

Perform and develop vulnerability assessments with automated tools such as Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP) Compliance Check (SCC) and Ev STIG

Deploy security updates to Information System components

Perform routine audits of IT system hardware and software components. Maintain inventory of Information System components

Participate in IT change control and configuration management processes

Upload vulnerability data in Vulnerability Remediation Asset Manager (VRAM). Image or re-image assets that are part of the assigned RMF boundary

Install software and troubleshoot software issues as necessary to support compliance of the RMF boundaries’ assets

Assist with removal of Solid-State Drive (SSD), Hard Disk Drive (HDD) or other critical components of assets before destruction and removal from the RMF boundary

Provide cybersecurity patching of assets in response to DoD and DoN TASKORDs, FRAGORDs, or as required by Command ISSM, ACIO, and/or Code 104 management

Support configuration change documentation and control processes and maintaining DOD STIG Compliance

Support cyber compliance of assets that are part of an enterprise IT network to include Windows server and CISCO networking hardware. This includes assessing vulnerabilities, patching and meeting requirements the STIG for the hardware

Report compliance issues of network hardware to management to avoid operational loss of the network

Qualification

Risk Management FrameworkCybersecurity ComplianceVulnerability AssessmentSecurity Control TestingInformation System SecurityIT Change ControlConfiguration ManagementSTIG ComplianceSoftware TroubleshootingTeam CollaborationProblem SolvingCommunication Skills

Required

Bachelor's degree in computer science, information technology, or an equivalent STEM degree from an accredited college or university

Seven (7) years professional experience capturing and refining information security operational and security requirements and ensuring those requirements are properly addressed through purposeful development, and configuration, and implementing security controls, configuration changes, software/hardware updates/patches, vulnerability scanning, and securing configurations

Minimum Certification Requirement: IAT-III (CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP)