Join our Talent Network >

Cybersecurity Engineer

This job posting is no longer active.

Job ID: 200094
Location: , United States
Date Posted: Mar 16, 2020
Category: Cyber
Subcategory: Cyber Eng/Archt
Schedule: Full-time
Shift: Day Job
Travel: Yes, 10 % of the Time
Minimum Clearance Required: Secret
Clearance Level Must Be Able to Obtain: Secret
Potential for Remote Work: Yes
Benefits: Click here

Share: mail

Job Description

Description

SAIC is seeking a cyber security engineer for the Cloud One program under the Air Force Lifecycle Management Center Office for Network Integration (AFLCMC/HNI). The Cloud One Common Computing Environment is an existing global, interconnected, virtualized, hybrid, and IT infrastructure hosting mission systems, applications, services, and data that will serve the U.S. Air Force (USAF) and U.S. Army (USA). Cloud One incorporates the capabilities of commercial cloud and Managed Service Providers (MSP) residing in Cloud Service Providers (CSPs). Cloud One facilitates the USAF and USA’s efforts to migrate applications to a cloud environment, allowing the closure of data centers to support the Data Center Optimization Initiative (DCOI) and allowing for increased efficiencies across the entire spectrum of the USAF and USA's IT operations. The candidate for this position may work anywhere in the United States. There is no requirement to work at a SAIC or customer site to support Cloud One.

 

The candidate for this position:

  • Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. Conducts risk and vulnerability assessment at the network, system and application level. Conducts threat modeling exercises. Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access. Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions.  Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed.  May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions.  Assists in the implementation of the required government policy (i.e., NISPOM, DCID 6/3), and makes recommendations on process tailoring. Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed.  May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff. 
  • Problem Complexity: Provides technical solutions to a wide range of difficult problems where analysis of data requires evaluation of identifiable factors.  Solutions are imaginative, thorough, practicable and consistent with organization objectives. 

  • Impact: Contributes to completion of specific programs and projects.  Failure to obtain results or erroneous decisions or recommendations would typically result in serious program delays and considerable expenditure of resources.

  • Liaison: Frequent inter-organizational and outside customer contacts.  Represents organization in providing solutions to difficult technical issues associated with specific projects.

Specific duties include: 

  • Assist in the completion of eMASS tasks for coordination through all applicable parties.
  • Developed security artifacts IAW AFI 17-101 & Army Regulation 25-2
  • Perform on-going RMF Step 2 through Step 6 to maintain the customer ATO packages in eMASS.
  • Support reviews and analysis of system changes to determine any security impacts.
  • Assist in assessing the data Impact Level (IL) of migrating applications in accordance with the DoD Cloud Computing Security Requirements Guide (SRG).
  • Analyze and recommended risk mitigations for identified vulnerabilities and weaknesses.
  • Support the documenting of the inheritable environment controls required to meet security standards as described in the RMF for an A&A package.
  • Support security assessments and the resolution of concerns/issues identified by assessment team(s) including security reviews, test, and exercises.
  • Develop, deliver and execute a contractor Security Assessment Plan (SAP)
  • Record actual results of the Security Control Assessment in the Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M)
  • Conduct security testing and continuous vulnerability monitoring to include delivering a continuous monitoring plan and vulnerability management reports.
  • Working with the CSSP to ensure applications are properly configured for auditing/monitoring
  • Ensure DoD Public Key Infrastructure (PKI) is enabled/implemented where appropriate according to policy.
  • Ability to provide timely remediation recommendations for audit findings
  • Ability to support POA&M reviews and recommendations
  • Ability to collect and deliver the application ISSM identified Assess-Only security artifacts as defined by eMASS to include: Categorization and Selection Checklist; HW List; SW List; Identification of applicable STIGs; POA&M List; Signed Security Assessment Report; Scan results; Security configuration testing; Port, Protocols, and Services worksheet; Topology/System Authorization Boundary; CMP/CCB; and applicable SLA/MOU/A.
  • Ability to support the updates to Risk Management Framework Artifacts
  • Ability to update both the USAF and USA instances of EMASS in tandem.
  • Ability to create System Security Plan (SSP) templates that provides a common approved language for documenting common inherited security features.  


Qualifications

  • Bachelors and five (5) years or more of related experience; Masters and three (3) years or more related experience; PhD and 0 years experience. In lieu of a degree an additional four (4) years of experience is required (or add statement about certifications in lieu of degree).

  • A secret security clearance is required.
  • Minimum Information Assurance Technical (IAT) Level II certified IAW DoD 8570.01M

  • Compliant with DoD and USAF training requirements in DoDD 8570.01, DoD 8570.01-M, and AFMAN 17-1303.

  • Knowledge of DoD Policies and procedures including DoD 8500.01 and DoD 8510.01.

  • Experience with Risk Management Framework (RMF) and updating of security artifacts

  • Experience with compliance verification methods including DISA STIG, SRGs, and best practices

  • Experience with DevSecOps
  • Knowledge of the DoD suite of security tools including ACAS, HBSS, and eMASS.

  • Knowledge of cloud environments provided by AWS and Azure

  • Working knowledge of Microsoft Office Suite including Microsoft Visio


Desired Qualifications

 
  • Knowledge of DESMF
  • CISSP certification preferred
  • Experience with Agile, Scrum, SAFe or other modern software development methods/practices

  • Experience supporting USAF or USA software development projects

  • Experience supporting software migration efforts



Overview

SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions. We are 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $6.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability

Share: mail

Similar Jobs

Senior Cyberspace Intelligence Analyst

FORT MEADE, MD, United States
Cyber

Principal Joint Operations Planner

FORT MEADE, MD, United States
Cyber

Cyber Intelligence Principal

FORT MEADE, MD, United States
Cyber

Senior Cyberspace Operations Engineer

FORT MEADE, MD, United States
Cyber

Principal Cyber Intelligence Analyst

FORT MEADE, MD, United States
Cyber

Principal Cyberspace Operations Engineer

FORT MEADE, MD, United States
Cyber

Cyber Operational Training SME

WASHINGTON, DC, United States
Cyber

Offensive Cyber Operations (OCO) Planner

FORT MEADE, MD, United States
Cyber

Information System Security Manager

CHANTILLY, VA, United States
Cyber

Cyber Security Engineer

CHANTILLY, VA, United States
Cyber

Associate Curriculum Developer and Trainer

FORT MEADE, MD, United States
Cyber

Associate Cyber Operations Planner

FORT MEADE, MD, United States
Cyber

Associate Cyber Threat Emulation Analyst

FORT MEADE, MD, United States
Cyber

Chief Cyber Security Engineer/Architect

CHANTILLY, VA, United States
Cyber

Cybersecurity Specialist Sr

BETHESDA, MD, United States
Cyber

Senior Cyber Intelligence Analyst

FORT MEADE, MD, United States
Cyber

Cyberspace Operations Subject Matter Expert

SAN ANTONIO, TX, United States
Cyber

IA System Security Engineer III

WRIGHT-PATTERSON AFB, OH, United States
Cyber

Cyberspace Subject Matter Expert

FORT MEADE, MD, United States
Cyber

Senior Cyberspace Analyst

FORT MEADE, MD, United States
Cyber

Senior Cyber Engineer

FORT MEADE, MD, United States
Cyber

Information System Security Engineer

VANDENBERG AFB, CA, United States
Cyber

NASA Senior Cyber Engineer

HUNTSVILLE, AL, United States
Cyber