Apply on Employer Site

TekSynap · 1 month ago

Information Systems Security Engineer w/TS/SCI CI Poly

Washington, DC

Full-time

Onsite

Senior Level, Lead/Staff

8+ years exp

TekSynap is a fast-growing high-tech company that understands both the pace of technology today and the need to have a comprehensive well planned information management environment. The Information Systems Security Engineer will support Engineering and Operations network solutions and ensure compliance with U.S. Government security requirements, while preparing and updating authorization packages for assigned systems.

ComputerInformation ServicesInformation Technology

Growth Opportunities

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Support Engineering and Operations network solutions and strategic adherence to all aspects of the Information Assurance (IA) program as stipulated by various U.S. Government requirements including (but not limited to): Director of Central Intelligence Directives (DCID), IC Directive (ICD) 503 and associated NIST publications

Preparation of Assessment and Authorization (A&A) documents and procedures

Interface with other IA team members, other security disciplines (industrial security, physical security, special programs security, etc.), program personnel, and Government security representatives

Serve as a principal advisor to the Government and service lane leads on all matters, technical and otherwise, involving the security of an Information System including, but not limited to, accreditation status, emerging threats, current security posture, ongoing activities, and Plan of Action and Milestones (POA&Ms)

Adheres to DIA Risk Management Framework (RMF) standards for the performance of the ISSO role, the recommendations comply with the Federal Information Security Modernization Act (FISMA), and in accordance with NIST (National Institute of Standards and Technology) SP 800-37

Maintains the information system assessment and authorization record within the agency’s authoritative system repository, to include but not limited to, the system security POA&M documents

Updates XACTA during the lifecycle of the system including updating network diagrams, vulnerability scans, STIG checklists, hardware/software lists, and SCRM certificates

Maintains responsibility for the day-to-day security operations of the system ensuring the network, system, application, or service is operated, maintained, and disposed of in accordance with DIA security policies and procedures outlined in the security authorization package

Ensures approved operational systems obtain and retain Approval to Operate (ATO)

Develops POA&M for identified vulnerabilities and ensure compliance through updates as well as developing waivers, exceptions, and risk acceptance documents for information system vulnerabilities

Coordinates with engineering ISSE and system SMEs to obtain approval via DIA’s RMF process

Conducts reviews of the network, system, application and/or service in accordance with the periodicities set within the Monitoring Strategy of the Security Authorization Package Review and update approved ATO as required or requested in conjunction of auditors, cyber security & Information System Security Engineers

Coordinates required system changes due to security notifications, baseline changes and/or elements required to retain ATO

Qualification

ICD 503 CertificationDoD 8140 ComplianceNIST SP 800-53Risk Management FrameworkNIST SP 800-37IC ITE ServicesTechnical TrainingSecurity OperationsAssessmentAuthorization

Required

Mandatory Active Top-Secret Clearance with a CI Poly

8-10 years proven track record of progressively responsible information assurance experience in ICD 503 certification and accreditation

Compliant with DoD 8140 and any other certification/training required by DoD for role

Must maintain required technical and security training relative to cybersecurity duties, in accordance with DoD instruction 8510.01, Risk Management Framework for DoD Systems, NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations and DoD Directive 8570.01-M, IA Workforce Improvement Program

Must have certifications and/or comprehensive hands-on technical experience in the technology area(s) of their assigned system(s) in order to effectively carry out their duties

Familiarization with NIST Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems, Committee on National Security Systems Instructions (CNSSI) 1253, and NIST SP 80053 Revisions 3 and 4, SP800-39, SP 800-30

Demonstrated experience in transitioning applications to IC Information Technology Environment (ITE) and in-depth knowledge of IC ITE services