CI Poly Clearance)

NorthHill Technology•Fairfax, VA

4d•Onsite

About The Position

One of our key clients has an immediate opening for an Information System Security Engineer (ISSE) with an active TS/SCI w/CI Poly Clearance to work Full Time in their Fairfax, VA headquarters. The role of the ISSE is to bridge the gap between high level security policies/requirements and technical/operational implementation of those requirements. Candidates should have in-depth understanding of the cybersecurity policies and procedures for Government (DoD, Intelligence Community) sectors information systems and sufficient technical knowledge and experience to implement them. The ISSE will work closely and effectively with the Information System Security Manager (ISSM) ISSM, and the Program Manger on all aspects of their development and implementation programs. Candidates should have in-depth understanding of the cybersecurity policies and procedures for Government sector information systems and sufficient technical knowledge and experience to implement them. The ISSE will provide guidance, standards, and oversight to the program/development teams as they work towards accreditation and then to maintain the accreditation. The candidate will contribute to the team’s successful Assessment and Authorization (A&A) process activities (ICD-503 RMF) and related documentation such as security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability and compliance scanning, and/or vulnerability management plans. The ISSE will be an experienced System Administrator and Cyber Security Expert. The candidate will be supporting a larger team of developers, engineers, and analysts all charged with expanding, operating, and maintaining information systems built upon hundreds of Linux instances on virtual and bare metal hardware. Team responsibilities include Linux system build automation, network architecture and implementation, all facets of cyber security compliance, deployment and management of core subsystems and services. The ISSE will assume responsibility for ICD-503 RMF process for these multiple information systems including patching, scans, reports, documentation, coordinating plans of actions and milestones, audit log reviews and other related duties. The ISSE will help determine and recommend appropriate solutions and implementations to help meet program needs. Candidate must possess the ability to communicate effectively and be flexible, adaptable, and willing to take ownership of projects. Candidate will have several technical areas of primary responsibility depending on experience and will be expected to cross train and support other areas as needed. Superior attention to detail is required. Must exhibit positive attitude and good customer service skills in sometimes stressful situations, such as during outage troubleshooting and resolution.

Requirements

Active TS/SCI + CI Poly Clearance
Information Assurance (IA) and Information Security (InfoSec) experience working with Intelligence Community (IC) customers, which includes developing and reviewing security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability and compliance scanning, and/or vulnerability management plans.
Significant expertise in ICD-503 A&A process and documentation preparation.
Security engineering experience; which includes systems engineering principles, configuration management, supply chain, requirements analysis, system development (software and hardware); network security architecture concepts (topology, protocols, components); and/or IT security principles and methods (firewalls, demilitarized zones, encryption).
Required experience with ICD-503 security frameworks to include A&A process and documentation preparation.
Experience providing continuous monitoring support for information systems to include expertise in USG security compliance processes, scan tools and systems (NESSUS, NMAP, Trivy, ICD-503 RMF, SNOW)
Advanced problem solving skills: able to use prior experience and knowledge to address new situations; especially during interactions with clients.
Experience providing assistance to A&A test and evaluation activities.
Proficiency with Red Hat Linux/Unix and Kubernetes environments to include Red Hat Certified System Engineer (RHCSE) or equivalent skills.
5+ years’ experience as Linux system engineer/admin
Working knowledge of various Cross Domain Service (CDS) technologies and implementations.
Demonstrated advanced analytical skills: able to use prior experience and knowledge to seamlessly incorporate new knowledge or information during client interactions.
Demonstrated ability to work seamlessly with the program and development team to be able to communicate security practices from the development requirements
Security certification (Security+ or CISSP)

Nice To Haves

Current or former Cisco Certified Network Associate (CCNA) and CCNA Security or equivalent skills and experience
Proficient, efficient, and confident in writing and deploying Linux/UNIX scripts for system administration and file management
Experience with Puppet, and/or Ansible
Experience with SNOW and ServiceNow
Experience configuring, securing, managing and troubleshooting Linux/Unix systems
Familiar with source code control tools such as: git, gitlab, cvs, svn
Experience with log aggregation tools used for audit log purposes from all sources, including Linux, Networking equipment, and applications
Experience with public key infrastructure (PKI), secure shell (ssh) configuration and troubleshooting, sssd, httpd
Experience with Amazon Web Services or other cloud technologies
Experience deploying enterprise monitoring tools such as Grafana
Experience with VMware
Experience with relational database technologies such as Oracle and MySQL
Advanced writing skills: able to clearly articulate ideas for executive level as well as technical staff consumption
Experience in NIST SP 800-37, CNSS publications, and other Risk Management Framework (RMF) processes.

Responsibilities

Bridge the gap between high level security policies/requirements and technical/operational implementation of those requirements.
Work closely and effectively with the Information System Security Manager (ISSM) and the Program Manager on all aspects of their development and implementation programs.
Provide guidance, standards, and oversight to the program/development teams as they work towards accreditation and then to maintain the accreditation.
Contribute to the team’s successful Assessment and Authorization (A&A) process activities (ICD-503 RMF) and related documentation such as security concept of operations, systems security plans, security control assessments, contingency plans, configuration management plans, incident response plans, plan of actions and milestones, risk management plans, vulnerability and compliance scanning, and/or vulnerability management plans.
Support a larger team of developers, engineers, and analysts charged with expanding, operating, and maintaining information systems built upon hundreds of Linux instances on virtual and bare metal hardware.
Assume responsibility for ICD-503 RMF process for multiple information systems including patching, scans, reports, documentation, coordinating plans of actions and milestones, audit log reviews and other related duties.
Help determine and recommend appropriate solutions and implementations to help meet program needs.
Cross train and support other areas as needed.
Provide continuous monitoring support for information systems.
Provide assistance to A&A test and evaluation activities.
Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives.