Join our Talent Network >

Cybersecurity Engineer

Job ID: 200094
Location: , United States
Date Posted: Jan 16, 2020
Category: Cyber
Subcategory: Cyber Eng/Archt
Schedule: Full-time
Shift: Day Job
Travel: Yes, 10 % of the Time
Minimum Clearance Required: Secret
Clearance Level Must Be Able to Obtain: Secret
Potential for Teleworking: Yes

Share: mail

Job Description

Description

SAIC is seeking a cyber security engineer for the Cloud One program under the Air Force Lifecycle Management Center Office for Network Integration (AFLCMC/HNI). The Cloud One Common Computing Environment is an existing global, interconnected, virtualized, hybrid, and IT infrastructure hosting mission systems, applications, services, and data that will serve the U.S. Air Force (USAF) and U.S. Army (USA). Cloud One incorporates the capabilities of commercial cloud and Managed Service Providers (MSP) residing in Cloud Service Providers (CSPs). Cloud One facilitates the USAF and USA’s efforts to migrate applications to a cloud environment, allowing the closure of data centers to support the Data Center Optimization Initiative (DCOI) and allowing for increased efficiencies across the entire spectrum of the USAF and USA's IT operations. The candidate for this position may work anywhere in the United States. There is no requirement to work at a SAIC or customer site to support Cloud One.

 

The candidate for this position:

  • Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions.  Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed.  May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions.  Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed.  May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. 
  • Problem Complexity: Provides technical solutions to a wide range of difficult problems where analysis of data requires evaluation of identifiable factors.  Solutions are imaginative, thorough, practicable and consistent with organization objectives. 

  • Impact: Contributes to completion of specific programs and projects.  Failure to obtain results or erroneous decisions or recommendations would typically result in serious program delays and considerable expenditure of resources.

  • Liaison: Frequent inter-organizational and outside customer contacts.  Represents organization in providing solutions to difficult technical issues associated with specific projects.

Specific duties include: 

  • Assist in the completion of eMASS tasks for coordination through all applicable parties.
  • Developed security artifacts IAW AFI 17-101 & Army Regulation 25-2
  • Perform on-going RMF Step 2 through Step 6 to maintain the customer ATO packages in eMASS.
  • Support reviews and analysis of system changes to determine any security impacts.
  • Assist in assessing the data Impact Level (IL) of migrating applications in accordance with the DoD Cloud Computing Security Requirements Guide (SRG).
  • Analyze and recommended risk mitigations for identified vulnerabilities and weaknesses.
  • Support the documenting of the inheritable environment controls required to meet security standards as described in the RMF for an A&A package.
  • Support security assessments and the resolution of concerns/issues identified by assessment team(s) including security reviews, test, and exercises.
  • Develop, deliver and execute a contractor Security Assessment Plan (SAP)
  • Record actual results of the Security Control Assessment in the Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M)
  • Conduct security testing and continuous vulnerability monitoring to include delivering a continuous monitoring plan and vulnerability management reports.
  • Working with the CSSP to ensure applications are properly configured for auditing/monitoring
  • Ensure DoD Public Key Infrastructure (PKI) is enabled/implemented where appropriate according to policy.
  • Ability to provide timely remediation recommendations for audit findings
  • Ability to support POA&M reviews and recommendations
  • Ability to collect and deliver the application ISSM identified Assess-Only security artifacts as defined by eMASS to include: Categorization and Selection Checklist; HW List; SW List; Identification of applicable STIGs; POA&M List; Signed Security Assessment Report; Scan results; Security configuration testing; Port, Protocols, and Services worksheet; Topology/System Authorization Boundary; CMP/CCB; and applicable SLA/MOU/A.
  • Ability to support the updates to Risk Management Framework Artifacts
  • Ability to update both the USAF and USA instances of EMASS in tandem.
  • Ability to create System Security Plan (SSP) templates that provides a common approved language for documenting common inherited security features.  


Qualifications

  • Bachelors and five (5) years or more of related experience; Masters and three (3) years or more related experience; PhD and 0 years experience. In lieu of a degree an additional four (4) years of experience is required (or add statement about certifications in lieu of degree).

  • A secret security clearance is required.
  • Minimum Information Assurance Technical (IAT) Level II certified IAW DoD 8570.01M

  • Compliant with DoD and USAF training requirements in DoDD 8570.01, DoD 8570.01-M, and AFMAN 17-1303.

  • Knowledge of DoD Policies and procedures including DoD 8500.01 and DoD 8510.01.

  • Experience with Risk Management Framework (RMF) and updating of security artifacts

  • Experience with compliance verification methods including DISA STIG, SRGs, and best practices

  • Experience with DevSecOps
  • Knowledge of the DoD suite of security tools including ACAS, HBSS, and eMASS.

  • Knowledge of cloud environments provided by AWS and Azure

  • Working knowledge of Microsoft Office Suite including Microsoft Visio


Desired Qualifications

 
  • Knowledge of DESMF
  • CISSP certification preferred
  • Experience with Agile, Scrum, SAFe or other modern software development methods/practices

  • Experience supporting USAF or USA software development projects

  • Experience supporting software migration efforts



Overview

SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $6.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability

Share: mail

Similar Jobs

Senior Cyber Security Analyst

HERNDON, VA, United States
Cyber

Cyber Security Analyst_MLRS

HUNTSVILLE, AL, United States
Cyber

Cyber Security Engineer

SUFFOLK, VA, United States
Cyber

Cloud Security Engineer

LANHAM, MD, United States
Cyber

Cyberspace Intelligence Analyst II

FORT MEADE, MD, United States
Cyber

Cyber Security Administrator

WASHINGTON, DC, United States
Cyber

Cyberspace Intelligence Analyst II

FORT MEADE, MD, United States
Cyber

Cyberspace Joint Operations Planner II

FORT MEADE, MD, United States
Cyber

Cyberspace Joint Operations Planner III

FORT MEADE, MD, United States
Cyber

Firewall DevSecOps Engineer

RESTON, VA, United States
Cyber

Firewall DevSecOps Engineer

OAK RIDGE, TN, United States
Cyber

Firewall DevSecOps Engineer

ORLANDO, FL, United States
Cyber

Cyber Security Manager

WASHINGTON, DC, United States
Cyber

Information System Security Engineer

CHANTILLY, VA, United States
Cyber

SOC Analyst Tier 1

COOKEVILLE, TN, United States
Cyber

Cyber Ops Planner Sr Principal

COLORADO SPRINGS, CO, United States
Cyber

Cyber Operations Planner Sr Principal

COLORADO SPRINGS, CO, United States
Cyber

Cyber Network Defense Linux Engineer

SPRINGFIELD, VA, United States
Cyber

Defensive Cyberspace Operations (DCO) Analyst

FORT MEADE, MD, United States
Cyber

Offensive Cyberspace Operations (OCO) Planner

FORT MEADE, MD, United States
Cyber

Information Operations Analyst

FORT MEADE, MD, United States
Cyber

Information Operations Analyst

FORT MEADE, MD, United States
Cyber

Intelligence Analyst

FORT MEADE, MD, United States
Cyber

Intelligence Analyst

FORT MEADE, MD, United States
Cyber

Provide your information to receive jobs that fit you by keywords, location, and more,
and then receive great opportunities based on your skills and experience.

Join our Talent Network >