Information Assurance/Cyber Security Engineer - 00018



Location Chantilly

Supporting NRO

Full-Time/Part-Time -unspecified-

Number of Openings 7

Clearance TS/SCI (CI Poly) Required

Description
This position is to provide end-to-end secure Information Technology (IT) and transport services for the National Reconnaissance Office (NRO) and mission partners.

The IA/Cyber Security Engineer duties may include:

Cybersecurity Governance and Planning Support

  • Serve as technical subject matter experts in support of the Government cybersecurity and FISMA leads and liaisons through skilled analysis and application of Federal, DoD, IC, and NRO policies
  • Provide technical inputs to NRO policy, procedure, budgeting, and ongoing operational planning activities to enhance the overall security posture of the NRO's communication/computer networks, systems, and data
  • Develop and present cybersecurity studies and analyses in support of NRO Cybersecurity and Privacy Programs
  • Conduct NRO-mandated IA training sessions


Systems Engineering Lifecycle Support
  • Maintain an acceptable security posture on behalf of the NRO and in compliance with ND50-05 and ND 52-20 and in accordance with the principal s delineated in NIST SP 800-27, Engineering Principles for Information Technology Security
  • Provide oversight, management, and technical support to the stand-up and operations of a software assurance program and the NRO IT vulnerability management lifecycle
  • Participate in the appropriate Cybersecurity Engineering Working Groups, ISSE forums, Integrated Product Teams (IPTs), Systems Engineering/Project Management lifecycle milestones and control gates, to ensure cybersecurity is fully addressed and integrated
  • Provide cybersecurity guidance and direction on the maintenance and configuration control of hardware, systems, and application software; identify the appropriate level of recommended remediation to security anomalies or integrity loopholes such as system weaknesses or vulnerabilities
  • Analyze system and network environments and provide technical evaluations in identifying existing and potential cybersecurity vulnerabilities, threats and risks, and recommend the appropriate level of remediation
  • Evaluate engineering change request proposals that require additional system requirements, changes to system architecture, or integration of new systems or capabilities; provide updated security impacts that affect the system
  • Collaborate with appropriate Cross Domain Service representatives to ensure proper authorization and alignment with agency processes


Vulnerability Identification and Remediation
  • Develop and deliver inputs to the planning, execution, and follow-up of NRO Blue Team, Red Team, and other ad hoc vulnerability assessment and/or penetration testing activities
  • Develop and deliver inputs to the analysis and tracking, and report remediation status for vulnerability scans, as well as all NRO audits, assessments and inspections
  • Develop, deliver, maintain and update current documentation on vulnerability management processes and procedures.
  • Develop and deliver asset vulnerability views for categories such as mission, cross domain, and location
  • Develop updates and maintain the documentation of the heat map process and recommend improvements.
  • Develop cyber threat analysis for known threats
  • Develop and deliver documentation supporting cyber indications and warnings, and hunt team activities


Compliance Support (FISMA, RMF, Privacy, Risk Management, etc.)
  • Support risk management activities at all phases of the Systems Development Life Cycle (SDLC)
  • Provide technical review analysis, and implementation support to each RMF step; document risk based recommendations, and coordinate necessary design and progress reviews
  • Collect, analyze and report information related to applicable NRO systems to verify Compliance with reporting requirements to the IC and DoD
  • Populate and maintain current authorization status of each of the NRO IT assets being tracked in the NRO's corporate assessment and authorization tool
  • Manage and maintain the reported list of NRO's Privacy Act Systems of Records (SOR) and Systems of Records Notices (SORNs)
  • Conduct required reviews of existing and new SORs and provide Privacy Act Statements to the Government
  • Maintain and extract data from the N RO A&A tool in support of system Authorization activities


Position Requirements
Required Skills (Knowledge, Skills, Abilities)
  • Experience with RMF, NIST SP 800-27, NIST 800-53, JSIG
  • Desired: Experience with network and host based vulnerability scanners and assessment tools (Nessus, ACAS, STIGs, Wireshark, etc.)


Professional Business Functions
  • Ability to constructively engage and resolve challenging situations
  • Available to work before/after typical office hours
  • Independent self-starter, proactive and professional assertive
  • Effective oral and written communication skills, excellent interpersonal skills, and computer literate
  • Proficiency with MS Office Suite (MS Word, Excel, PowerPoint and Outlook)
  • Strong analytical and problem solving skills
  • Ability to multitask


Clearance
  • TS/SCI CI Poly Required


Years of Experience/Education Requirements
  • Bachelors degree in related field preferred.
  • Level II - 10 -12 years experience
  • Level III - 12 - 15 years experience


Certification Requirements
  • Level II - IAM Level II required
  • Level III - IAM Level III required


Travel Requirements
  • Ability to travel to CONUS and/or OCONUS locations
  • Limited travel within the region
  • Must have active US passport for OCONUS travel requirements


About the Organization From our start in 2005, System High has been recognized as the provider of choice for innovative security engineering. Delivering high-end information protection services, over 50% of our security professionals are US Military veterans. Patriotism, commitment to excellence, and successful mission accomplishment permeate our corporate culture. Whether designing or constructing secure facilities (SCIFs), performing IT systems certification and accreditation, establishing regulatory compliant corporate security programs, or producing life-cycle protection planning for complex systems acquisitions, System High has the expertise and tools to facilitate mission success.

EOE Statement We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.

This position is currently accepting applications.


Meet Some of System High's Employees

Sarah L.

Chief Human Capital Officer

Sarah has been charged by the CEO as being responsible for looking after the personal and professional wellbeing of each and every System High team member.

Nisha

Security Education, Training, & Awareness Specialist

Nisha supports one of System High's flagship customers through building, maintaining, and continuously enhancing the training program for both current and incoming program personnel.


Back to top