SAIC anticipates a requirement to fill a Senior Information System Security Engineer in support of the Naval Information Warfare Command (NIWC) Pacific, Maritime Global Command and Control System (GCCS) Family of Systems (MGF) Project, and other C2 and/or C4I projects. This work will be performed on-site in San Diego, CA.
This opportunity is contingent upon award in the Winter of 2021/2022.
The Command and Intelligence Systems Division (Code 532) within NIWC Pacific provides systems engineering, software maintenance, integration, test, and life-cycle support for a wide range of Navy, Joint, and National C4I systems. These systems serve to consolidate Command, Control, Intelligence, Imagery, Planning, Coordination and Logistic capabilities to provide an integrated C4I capability to the warfighter.
Job Summary: The Senior Information Security Engineer applies extensive technical expertise in the field of Cybersecurity. Activities include, but are not limited to, design, test, and implement secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response, digital forensics, loss prevention, and eDiscovery actions. The Senior Information Security Engineer is a Leadership position and is dedicated to transforming and maintaining customer environments as secure operating arenas. The Senior Information Security Engineer will be responsible for preparing and obtaining approval of Assessment and Authorization (A&A) documentation in accordance with NIWC direction, DoDD 8500, DoDI8510.01, and the Risk Management Framework (RMF).
Duties and Responsibilities:
- Generates artifacts via hands-on effort throughout the entire RMF process for Ashore and Afloat packages.
- Puts into action all aspects of Navy (and other Service) Testing Guidance with emphasis on RMF Navy Qualified Validator (NQV) activities.
- RMF lifecycle maintenance.
- Prepares and maintains all Assessment and Authorization (A&A) artifacts and documentation for the program’s products and systems in accordance with DoD Instructions, Directives, Policies, and Regulations
- Performs functions throughout NIWC Pacific’s RMF LITE to achieve C-ISSM A&A.
- Executes the Information Assurance Vulnerability Management (IAVM) process to ensure dissemination, reporting, and compliance
- Uses various MGF Project and Cybersecurity collaboration, documentation, and records management tools, to include but not limited to Enterprise Mission Assurance Support Service (eMASS), Vulnerability Remediation Asset Manager (VRAM), CMPro, Confluence, and Jira.
- Working through the RMF 6 steps in eMASS to include all system details, system controls, implementations and artifacts for the program’s products.
- Reviews and provides technical feedback for the architectural diagrams.
- Works with the PM, ISSM, System Engineering and Developers to create the RMF package.
- Works as a liaison between the PMO office to include the Echelon II and the office of the Authorizing Official (AO).
- Provides engineering and technical assistance to support vulnerability scans, penetration testing, vulnerability analysis, scan analysis, and security analysis on the program’s products and network components.
- Executes and analyzes scan data from required scanning tools (e.g. Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), as well as commercial products, such as Fortify and CAST);
- Maintain Security Technical Implementation Guidance (STIG) compliance with the associated technology.
- Executes all other Cybersecurity monitoring and reporting to ensure compliance to include the development and maintenance of POA&Ms;
- Applies combinations of expert engineering knowledge of enterprise IT and security solutions to design, develop and/or implement solutions to ensure they are consistent with enterprise architecture security policies and support full spectrum military cyberspace operations.
- Architects, plans, configures, deploys, maintains, and upgrades COTS/GOTS and custom toolsets to address vulnerabilities and/or implement security controls.
- Assists in the implementation of the required government policy (i.e. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53A, CNSSI 1253, FIPS-99, FIPS-200, SP 800-30, SP 800-34), and makes recommendations on process tailoring.
- Conducts risk and vulnerability assessment at the network, system and application level.
- Conducts threat modeling exercises.
- Designs, tests, and implements secure operating systems, networks, security monitoring, tuning and management of IT security systems and applications, incident response
- Develops and implements security controls and formulates operational risk mitigations along with assisting in security awareness programs.
- Includes security control design and solution planning at the system, mission, and enterprise level, security-in-depth/defense-in-depth, and other related IAM/ISSO/ISSE support functions.
- Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
- May provide briefings to senior staff.
- May support cyber metrics development, maintenance and reporting.
- Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards.
- Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed.
- Researches and evaluates cyber capabilities and new security tools and products against operational requirements and introduces them to the enterprise in alignment with IT security strategy, and to support the offensive and defensive capability design and troubleshoot and problem solve technical and non-technical issues.
- Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports.
- Utilizes COTS/GOTS and custom tools and processes/procedures in order to scan, identify, contain, mitigate and remediate vulnerabilities, and intrusions.
- Ensures the system can achieve an Accreditation/ATO.
- Responsible for ensuring lab facilities maintain existing ATO and accreditation status and also perform lab new accreditation activities, including data reporting, data input and preparing Assessment and Authorization (A&A) packages
- Bachelors and nine (9) years or more experience; Masters and seven (7) years or more experience ; PhD or JD and four (4) years or more experience; Four (4) additional years of related experience will be considered in lieu of a Bachelor’s degree.
- Navy Qualified Validator (NQV) II or higher
- Active Secret clearance
- Must be fully CSWF (Cyber Security Workforce) qualified at IAT Level II (i.e. GSEC, Security+ CE, SSCP, CCNA Security, or higher)
SAIC is a premier technology integrator solving our nation's modernization and readiness challenges. Our offerings across defense, space, civilian, and intelligence markets include high-end solutions in engineering, IT, and mission outcomes. We integrate the best components from our portfolio with our partner's ecosystem to deliver innovative and effective solutions. We are 25,500 strong; driven by mission, united by purpose, and inspired by opportunities. Headquartered in Reston, VA, SAIC has annual revenues of nearly $7.1 billion. For information, visit saic.com or Working at SAIC for benefits details. SAIC is an Equal Opportunity Employer empowering people no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. We strive to create a diverse, inclusive and respectful work culture that values all.