Information Systems Security Engineer

Job Description

Description

SAIC is looking for an Information Systems Security Engineer in Keyport, WA.

Perform Information Assurance (IA) functions for various programs and projects; these include preparing system accreditation documentation required by the Navy and/or DoD, evaluating security configurations of systems, and maintaining security configurations of production, development and test systems by applying and configuring security controls. Review IAVA and STIGs for supported operating systems, implement and verify the implementation of the STIG. Verify Cybersecurity compliance of the systems in accordance with DoD provided tools.
 
Shall provide numerous aspects of Cybersecurity Support representing Command interests and reporting as well as significant direct support to system owners and end-users. These areas include various aspects of Cybersecurity (CS) compliance and CS customer support areas. Support areas addressed by this section include oversight, support, and validation for information systems Assess and Authorize efforts; oversight of system and data access approvals, providing CS technical support and guidance developing CS policy implementation plans; IAVM/Vulnerability Remediation Asset Management execution and reporting; Communication tasking orders compliance; ensuring Command CS defense-in-depth strategy, compliance, and investigating misuse of critical IT; the Cybersecurity Workforce (CSWF) Program, ensuring compliance with Navy Cyber Defense Operations Command directives.

Broader tasking could include: Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (STE) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions. Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (STE) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. 

Qualifications

Education and Experience:

• Bachelors and nine (9) years or more experience; Masters and seven (7) years or more experience.  4 additional years of experience in lieu of degree.
• Must have CISSP (Preferred) or Security Plus (Minimum).
• Must have Interim Secret with ability to obtain a Secret.
• Should have a complete understanding of the NAVY RMF Process and Accreditation Process.
• Proven Experience in performing manual and automated test and evaluation for vulnerabilities in RDTE systems software applications and Navy RDTE laboratories.
• Experienced in creating and modify DOD RMF documentation that have let to systems ATO.
• Should have experience validating that security deficiencies, have been mitigated, corrected, and assessed for risk.
• Ability to work independently and interact with multiple stakeholders in the DOD IT environment.

Desired:

• Navy Qualified Validator experience.
• NAVSEA eMass experience.

Target salary range: $125,001 - $150,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.

Overview

SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective and efficient solutions that are critical to achieving our customers' missions.

We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a culture of diversity, equity, and inclusion, which is core to our values and important to attract and retain exceptional talent. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.9 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.