Expert Security Engineer

Amentum•Springfield, MO

About The Position

As the Information System Security Officer (ISSO) for GEODS, you will directly contribute to the success of critical mission systems by ensuring the confidentiality, integrity, and availability of sensitive information processed within the system. Your proactive management of the system's security posture, including rigorous risk assessments, vulnerability management, and security control implementation, enables IC members to securely access and utilize our system within critical times. By maintaining compliance with relevant security policies and regulations (e.g., ICD 503, NIST 800-53), you will minimize potential security risks that could compromise operations, protect national security assets, and ultimately enhance the effectiveness of the efforts to protect the nation. Your work facilitates the timely and secure delivery of vital information to decision-makers, empowering them to make informed choices and safeguard national interests.

Requirements

XACTA 360 experience
Certified Information Systems Security Professional (CISSP), CompTIA CASP, or other IAT II Certification
Extensive experience with Security Framework regulations, to include: NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF
Extensive experience with Plan of Action Milestones (POA&Ms) and knowledge of appropriate corrective action for unacceptable risks
Experience with a variety of systems (e.g. desktop, cloud, etc.)
Knowledge of Enterprise Security Best Practices (IAW NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF)
Applicable software/ hardware/management training & certification (e.g., specialties like Amazon Web Service architect/engineering, ServiceNow/Service+)
Clearance Required: TS/SCI with Poly
Minimum Education: Bachelor's degree plus 10 years’ experience, Associate’s degree plus 12 years’ experience, or a minimum of 14 years of experience, in a related field
Required Certifications: Certified Information Systems Security Professional (CISSP), CompTIA CASP, or other IAT II Certification

Responsibilities

Bridge the gap between high-level security policies/requirements and technical/operational implementation of those requirements.
Apply Risk Management Framework (RMF) security controls in accordance with regulatory policies into formal system test plans.
Serve as the security subject matter expert (SME) and will manage the execution of systems security activities for multiple applications.
Provide guidance to teams on the A&A Process to include related security documentation such as systems concept of operations (ConOps), system security design, implementation plans, operational procedures, and maintenance training materials.
Provide support to development teams for mitigation and management of Plan of action and Milestones (POA&Ms)
Conducts assessments of existing IT architecture for compliance with security requirements in accordance with regulatory security frameworks (IAW NIST SP 800-53 Rev. 4)
Provide engineering support and assistance to authorization/accreditation test and evaluation activities
Conduct IT Disaster Recovery exercises and maintain all associated documentation
Management of software in use and updates as required
Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives
Conduct and review security scans
Track and mitigate customer system vulnerabilities
Participate in IAVA Testing and provide recommendations of baseline acceptance of system patches
Ensure STIG compliance and mitigation
Ensure and maintain integration compliance with enterprise services
Provide continuous monitoring support for information systems
Assist with running vulnerability scans on various applications and provide recommendations for compliance
Ability to work closely with leadership, engineers, admins, and developers to efficiently work through the A&A process and Continuous Monitoring.