Assesses security controls to preserve the confidentiality, integrity and availability of information systems. Supports a Linux- based development team by assessing the systems for security vulnerabilities and provides direction based on risk assessment. Provides security engineering expertise to develop security documentation packages consistent with federal requirements, specifically the DOD 8500 series, NIST SP 800-53 and ICD 503. Performs assessment and authorization activities with government authorities and certification agents to obtain official Authorization to Operate (ATO) or Interim Authorization to Test on Enterprise and Platform IT (PIT) systems.
Other tasks may include:
• Evaluating requirements, selecting security controls, reviewing installation procedures.
• Identify technological and functional risks inherent in system functionality, system exposure, and data sensitivity to determine the required security controls.
• Tailoring and configuring security controls for specific product use, security assessment plan preparation, test procedure preparation, test execution and reporting.
• Performing security vulnerability assessments using Assured Compliance Assessment Solution (ACAS), and performing SCAP security assessment/configuration.
• Provides support as the technical interface with customers, vendors, suppliers, and internal organization for related issues. Identify issues and recommend solutions.
• Conducting verification and validation of test procedures and script changes.
Required Skills and Experience
• Experience with TCP/IP and Network domain knowledge.
• Experience with Linux file systems, kernel design, and device-level driver integration.
• Familiarity with using Bash/Shell to produce hardening scripts and workable knowledge of using utilities such as SCAP and ACAS to identify system vulnerabilities.
• Familiarity with DISA STIGS and the ability harden applications (e.g., OS, web server, database, etc.) in accordance with the recommended STIG guidance.
• Ability to effectively communicate with the Assessment and authorization (C&A) authorities regarding security requirements and their implementation method.
Highly Desirable Skills:
• Experience working in an Agile/Sprint release planning environment including depth of understanding of providing impact analysis on testing as Sprint and releases are introduced to the integration environment.
• Existing certifications (e.g., Security+, CEH, Network+, CISSP, etc.)
• Proactive/self-starter. Task driven with ability to work independently.
• Team player that takes ownership and develops relationships that fosters team success.
• Bachelor’s degree in Computer Science/Cyber Security or equivalent demonstrated experience in the field of cyber security/informational assurance.
• Active DoD Secret Security clearance