Apply on Employer Site

Amentum · 2 months ago

Information Systems Security Engineer - Principal

Fort Meade, MD

Full-time

Onsite

Lead/Staff

$210K/yr - $235K/yr

15+ years exp

Amentum is seeking a Principal Information Systems Security Engineer to join our team of passionate individuals. In this role, you will support mission-critical projects that impact the Nation’s security and intelligence mission, providing cybersecurity guidance and conducting risk assessments for new technology solutions.

Mechanical EngineeringSecurityTechnical Support

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Conduct cybersecurity risk assessments and provide prioritized risk mitigation recommendations in support of the technical solution requirements

Help define security requirements for new technology solutions and prototypes

Analyze solution architecture by evaluating against defined security requirements to identify security gaps, and provide mitigation strategy

Review security requirements while collaborating in multifunctional teams providing a holistic cyber security posture

Research and evaluate emerging technologies to determine cybersecurity effectiveness

Aid stakeholders through the design, build, configuration, and implementation of innovative solutions and capabilities

Engage stakeholders to ensure security objectives, protection needs, security requirements and associated validation methods are defined and implemented

Validate and verify system security requirements and establish system security design

Design, develop, implement, and integrate IA and security systems and components for networking, computing, and unified capabilities services, across multiple enclaves with different data protection/classification requirements

Assist architects and engineers in the identification and implementation of information security functionality to ensure uniform application of security policies

Contribute to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations

Utilize eMASS/XACTA to document security controls, track vulnerabilities, generate reports, and manage the ATO process

Prepare and review RMF artifacts to be used for new IS accreditation

Lead the creation and completion of System Security Plan (SSP) for a new IS prototype

Foster positive relationships between government, military, and contracting personnel

Qualification

Risk Management Framework (RMF)Cybersecurity risk assessmentsEMASSCommon VulnerabilitiesExposures (CVEs)MITRE ATT&CK frameworkZero TrustCloud ComputingSecurity Technical Implementation Guides (STIGs)Assured Compliance Assessment Solution (ACAS)Incident responseSystem Security Plan (SSP)TroubleshootingTechnical presentationsTeam collaborationIndependent workDetail-oriented

Required

BS degree or equivalent in the fields of mathematics, telecommunications, electrical engineering, computer engineering, or computer science, Cybersecurity, Information Security, etc

15 years of experience as a Cyber Security Engineer or Systems Engineer

Experience presenting technical information to both technical and non-technical audiences to include senior stakeholders

Expertise in the Risk Management Framework (RMF) and conducting cybersecurity risk assessments

Experience identifying, mitigating, and managing IT system Common Vulnerabilities and Exposures (CVEs) and Information Assurance Vulnerability Alerts (IAVAs)

Experience using the MITRE ATT&CK framework to identify adversary TTPs

Experience using eMASS to manage Authority To Operate (ATO) processes

Experience developing and documenting system security requirements and conducting requirements gap analysis

Experience with security monitoring and incident response capabilities

Experience with emerging technologies such as Zero Trust, Cloud Computing, etc

Experience in evaluating and implementing Cyber security tools for assessing and maintaining system security within the Department of Defense (DoD)

Experience in ensuring the establishment and satisfaction of cyber security and security requirements based upon analysis of user, policy, regulatory, and resource demands

Ability to define requirements for business continuity, operations security, regulatory compliance, and insider threat detection and mitigation to best protect information assets

Implement and validate security designs in hardware, software, data, and procedures

Demonstrated ability to work with Systems Architects and Engineers, acquire information for resolving controls and POAMs and update the customer's A&A system

Skilled in performing analyses to ensure threat assessments, protection, detection, and reaction functions are performed

Ability to analyze general cyber security-related technical problems and provide basic engineering and technical support in solving these problems

Expertise implementing Security Technical Implementation Guides (STIGs) and Assured Compliance Assessment Solution (ACAS) or other vulnerability management tool

Knowledge of connection security approval processes and compliance policies

Ability to troubleshoot technical configurations and make recommendations on the protection of classified and sensitive data

Demonstrated proficiency with the following computer operating systems (e.g. Microsoft Windows, LINUX, UNIX, Mac OS, etc.)

Ability to work independently within a schedule and with little direction

Ability to travel up to 10%

Must have active Top Secret clearance with SCI eligibility

Current DOD 8570 Information Assurance Technician "IAT" III certification