This job has closed.

Concurrent Technologies Corporation · 2 days ago

Senior Principal Information Systems Security Engineer

Columbia, MD

Full-time

Onsite

Senior Level, Lead/Staff

$184K/yr - $240K/yr

14+ years exp

Concurrent Technologies Corporation is a leader in providing innovative IT solutions to the Department of Defense and other government agencies. The Senior Principal Information Systems Security Engineer will be responsible for coordinating cyber incident responses, conducting security assessments, and implementing risk management strategies to protect national security interests.

Non Profit

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

To protect the interests of national security, cyber incidents must be coordinated among and across DoD organizations and sources outside the Department of Defense, and critical infrastructure and critical infrastructure sector Information Sharing and Analysis Centers (ISACs) via Tier I, Tier II, and Tier III support

CND response services include the actions taken to report, analyze, coordinate, and respond to any event or cyber incident for the purpose of mitigating any adverse operational or technical impact

Cyber incident reporting includes a well-defined framework for the timely reporting of any cyber event or incident. The report provides an accurate, meaningful, and complete understanding of the cyber incident from initial detection to analysis and remediation. This information feeds into the User-Defined Operational Picture, which provides local, intermediate, and DoD wide situational awareness of CND actions and their impact

Cyber incident analysis identifies several critical elements of an incident to determine and characterize its possible effects on DoD information networks, operational missions, and other defense programs. This activity relies on effective acquisition, preservation, and timely reporting of cyber incident data

Cyber incident response includes the coordinated development and implementation of courses of action (CO As) that focus on containment, eradication, and recovery. At the same time, it ensures the acquisition and preservation of data required for tactical analysis, strategic analysis, and/or LE investigations

Qualification

Information Systems Security EngineeringCybersecurityRisk ManagementIncident HandlingAWS ExperienceCISSP CertificationTeam CollaborationCommunication Skills

Required

Bachelor's Degree from an accredited college or university in Computer Science or related discipline and 12 years of directly related experience or a Master's degree and 10 years of directly related experience, or a PhD and 8 years of directly related experience

Fourteen (14) years' experience as an ISSE on programs and contracts of similar scope, type, and complexity within the Federal Government is required

The Information Systems Security Engineer shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies

Validates and verifies system security requirements definitions and analysis and establishes system security designs

Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements

Builds IA into systems deployed to operational environments

Assists architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions

Supports the building of security architectures

Enforce the design and implementation of trusted relations among external systems and architectures

Assesses and mitigates system security threats/risks throughout the program life cycle

Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations

Reviews certification and accreditation (C&A) documentation, providing feedback on completeness and compliance of its content

Applies system security engineering expertise in one or more of the following to: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control

DoD 8570 compliance with IASAE Level 2 (i.e. CISSP) is required