Apply on Employer Site

Amentum · 19 hours ago

Expert Security Engineer

US-VA-Arlington

Full-time

Onsite

Senior Level, Lead/Staff

$175K/yr - $195K/yr

10+ years exp

Amentum is a company that focuses on mission-critical solutions, and they are seeking an Expert Security Engineer to serve as the Information System Security Officer (ISSO) for GEODS. The role involves managing the security posture of critical mission systems, conducting risk assessments, and ensuring compliance with security policies and regulations.

Mechanical EngineeringSecurityTechnical Support

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Bridge the gap between high-level security policies/requirements and technical/operational implementation of those requirements

Apply Risk Management Framework (RMF) security controls in accordance with regulatory policies into formal system test plans

Serve as the security subject matter expert (SME) and will manage the execution of systems security activities for multiple applications

Provide guidance to teams on the A&A Process to include related security documentation such as systems concept of operations (ConOps), system security design, implementation plans, operational procedures, and maintenance training materials

Provide support to development teams for mitigation and management of Plan of action and Milestones (POA&Ms)

Conducts assessments of existing IT architecture for compliance with security requirements in accordance with regulatory security frameworks (IAW NIST SP 800-53 Rev. 4)

Provide engineering support and assistance to authorization/accreditation test and evaluation activities

Conduct IT Disaster Recovery exercises and maintain all associated documentation

Management of software in use and updates as required

Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives

Conduct and review security scans

Track and mitigate customer system vulnerabilities

Participate in IAVA Testing and provide recommendations of baseline acceptance of system patches

Ensure STIG compliance and mitigation

Ensure and maintain integration compliance with enterprise services

Provide continuous monitoring support for information systems

Assist with running vulnerability scans on various applications and provide recommendations for compliance

Ability to work closely with leadership, engineers, admins, and developers to efficiently work through the A&A process and Continuous Monitoring

Qualification

XACTA 360CISSPCompTIA CASPNIST 800-53Risk Management FrameworkPlan of Action MilestonesEnterprise Security Best PracticesCloud systems experienceAmazon Web ServicesServiceNowSoft skills

Required

XACTA 360 experience

Certified Information Systems Security Professional (CISSP), CompTIA CASP, or other IAT II Certification

Extensive experience with Security Framework regulations, to include: NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF

Extensive experience with Plan of Action Milestones (POA&Ms) and knowledge of appropriate corrective action for unacceptable risks

Experience with a variety of systems (e.g. desktop, cloud, etc.)

Knowledge of Enterprise Security Best Practices (IAW NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF)

Applicable software/ hardware/management training & certification (e.g., specialties like Amazon Web Service architect/engineering, ServiceNow/Service+)

TS/SCI with Poly

Bachelor's degree plus 10 years' experience, Associate's degree plus 12 years' experience, or a minimum of 14 years of experience, in a related field

Certified Information Systems Security Professional (CISSP), CompTIA CASP, or other IAT II Certification