SAIC is seeking Principal Cyber Security Engineer to support PEO C4I PMW 160 CANES/ ADNS code. Candidate should have a broad understanding of cyber security engineering services to conceptualize, design and build secure technical solutions, including applications, systems, architectures and infrastructure, that are operationally viable and efficient.
Temporarily remote due to COVID-19
- Works with engineers to design and document secure implementation of NIST RMF 800-53, CYBERSAFE and other applicable overlay controls.
- Information Assurance Technical Authority (IATA) Defense in Depth Functional Implementation Architecture (DFIA) Standard, IATA Implementation Standards and NAVWAR Systems Command DFIA Implementation and Execution guidance, develop and document risks for controls or standards not being met, and develop mitigations that minimize impact, likelihood, or risk.
- Analyze emerging technologies and design, build and integrate architectures and solutions to enable secure implementation of new technologies.
- May provide work leadership for lower level employees.
- Work with engineers and cybersecurity leads to design and document secure implementation of NIST 800-53, CYBERSAFE, System Security Plan (SSP), System Level Continuous Monitoring Plan (SLCMP), System Level Configuration Management Plan (SCM), Incident Response Plan (IRP), Contingency Plan (CP), and Privacy Impact Analysis (PIA)
- Maintain system information in Enterprise Mission Assurance Support Service (eMASS) and Department of the Navy Applications and Database Management System (DADMS) and Department of Defense Information Technology Portfolio
- Repository-Department of the Navy (DITPR-DON) registrations.
- Validate cybersecurity engineering best practices in information systems including applications, systems, architectures, and infrastructure that are operationally viable and efficient updating Risk Assessment Report (RAR) and
- Security Assessment Report (SAR) as needed.
- Verify adherence of cybersecurity requirements for all applicable systems within the enclave in accordance with RMF.
- Support performing ongoing cybersecurity developmental testing and assessments to identify vulnerabilities and compliance issues, develop mitigations for reducing impact, likelihood, or risk of identified vulnerabilities, and write appropriate mitigation statements.
- Provide subject matter expert insight into Assessment and Authorization (A&A) schedules in support of Interim Authorization to Test (IATT) packages.
- Coordinate with Critical Design Agent (CDA), Information Security Manager (ISSM), Security Control Assessor (SCA) and Security Control Validator (SCV) to clarify any security findings.
- Coordinate with SCV to support updating/completion of RARs and SARs.
- Ability to analyze user needs and current security regulations and guidelines to determine Information Assurance (IA) functional requirements.
- Participation in ad hoc cybersecurity data calls.
- Support coordinating system allocation recommendations across platform designs with other applicable Enclave Managers.
Required Education and Experience:
· Bachelors degree in Cyber-security, Information systems, or engineering and nine (9) years or more experience; Masters and seven (7) years or more experience ; PhD or JD and four (4) years or more experience.
· At least (9) years of demonstrated experience working in the Information Assurance Career field, preferably performing and leading security assessments for complex Navy systems.
· 2+ years experience with implementing all steps of RMF throughout the appropriate phases of the System Development Lifecycle
· 2+ years of experience with Cybersecurity testing, Cyber risk assessment, vulnerability remediation, and software engineering
· 2+ years of experience with automated vulnerability assessment tools, including Nessus and Assured Compliance Assessment Solution (ACAS) and Security Content Automation Protocol (SCAP) and reviewing manual testing procedures using DoD STIGs, SRGs, and checklists collaborations.
· 1+ year experience coordinating lab security assessment events, coordinating with SCA to conduct assessments security baseline, collecting assessment body of evidence (BOE)
· 1+ year experience with Enterprise Mission Assurance Support Service (eMASS)
· Experience with Department of the Navy Applications and Database Management System (DADMS) and Department of Defense Information Technology Portfolio Repository-Department of the Navy (DITPR-DON) registrations
· Experience with formulas, tables and advanced features in Excel
· Active Secret clearance
· Security+ Certification
· MA or MS degree in an IT, Cyber, or Engineering field
· CISSP Certification
· Ports, Protocols and Services Management (PPSM) experience
· IA Workforce 8570 Certification
· Other technical certifications
SAIC is a premier technology integrator solving our nation's most complex modernization and readiness challenges. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes high-end solutions in engineering, IT, and mission solutions. Using our expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions.
We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, Virginia, SAIC has pro forma annual revenues of nearly $7.1 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom. For SAIC benefits information, see Working at SAIC. EOE AA M/F/Vet/Disability