SAIC is seeking an Informance Assurance Engineer to support the NAVAIR Aviation Logistics Environment LOG-IT project. This project is focused on providing state of the art systems and support the fleet effectively and efficiently. This position includes cyber technical analysis, continuous monitoring and analysis, and technical evaluations in support of current and future proposed applications, systems, and solutions across within PEO (CS) LOG-IT. Work includes conducting detailed technical analysis, technical reviews, developing technical artifacts supporting application and system security categorization; implementing security controls and required mitigation and remediation artifacts; conducting application and system authorization technical requirements according to Navy Risk Management Framework (RMF) policy; and continuously assessing and monitoring application, system, and solution authorization status through the use of both automated and manual technical assessments.
Work will be performed on site in Patuxent River, MD.
This opportunity is contingent upon contract award, anticipated in Summer 2022.
- Conduct Assessment and Authorization (A&A) activities for several high level programs per the DOD RMF (Risk Management Framework) 6-step process (categorizing to continuous monitoring) for system accreditations
- Perform manual STIG/SRG checklists, Nessus Assured Compliance Assessment Solution (ACAS) and SCAP Compliance Checker (SCC) assessments to secure software and hardware in order to secure the system and reduce or eliminate security vulnerabilities
- Provide support as an ISSE on the CAMEO application
- Support the administration of the HBSS deployment in a lab and production environment
- Implement the Department of Defense (DoD) Risk Management Framework (RMF) in accordance with DoDI 8510.01 for the analysis, design, development, implementation and security assessments to ensure compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, CNSSI 1253, and DoD RMF Knowledge Service guidance
- Expert knowledge of operating systems (Linux, Windows), network protocols and technologies, web services, databases, scripting and firewalls
- Provide in depth software architecture, systems engineering, verification and validation
- Establish major aspects of the system development life cycle (SDLC) requirements, design, implementation, and test
- Review proposed new systems, networks and software designs for potential security risks, recommending mitigations or countermeasures, and resolving integration issues
- Provide experience and expertise with security engineering and analysis, architecture and design
- Selecting, documenting, and assessing NIST security controls on newly developed systems
- Communicate with the ability to interact well in group meeting/working environments
- Support enterprise compliance and risk management and endures compliance
- Strong communication skills with multiple DoD agencies
- Experience writing, managing, and/or adjudicating System Security Plans (SSP) and all associated security controls documentation.
- Must be a US Citizen
- Top Secret Clearance
- Must be able to pass a background investigation with a favorable adjudication
- DODI 8570-1M Cybersecurity Workforce IAT/IAM Level II or III
- Minimum of 7-10 years of cybersecurity experience
- Bachelor's degree or equivalent in experience
- Must be able to work customer site in PAX River, MD
Desired Experience & Skills:
- CISSP or equivalent
- GIAC Penetration Tester (GPEN)
- Minimum of 7 years of experience, preferably with a Bachelor’s Degree in Cybersecurity or Computer Science
- Risk Management Framework (RMF) and Assessment and Authorization (A&A)
- NIST Special Publications
- Navy Qualified Validator (NQV)
- DoD Information Assurance Certification and Accreditation Program (DIACAP)
- Automated vulnerability scanning tools
- Assured Compliance Assessment Solution (ACAS) / Tenable Nessus & SecurityCenter
- DISA Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
- Enterprise Mission Assurance Support Service (eMASS)
- Administration and/or development with:
- Microsoft Windows Operating Systems
- Red Hat Enterprise Linux (RHEL)
- Apache Tomcat
- Cloud-based technologies
- Creation of network architecture and data-flow diagrams
- Familiarity with Navy Research, Development, Test, and Evaluation (RDT&E) Environments
- Experience at a joint program office or enterprise level
Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
SAIC® is a premier Fortune 500® technology integrator driving our nation's technology transformation. Our robust portfolio of offerings across the defense, space, civilian, and intelligence markets includes secure high-end solutions in engineering, digital, artificial intelligence, and mission solutions. Using our expertise and understanding of existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions that are critical to achieving our customers' missions.
We are more than 26,500 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer, fostering a respectful work culture based on diversity, equity, and inclusion that values all contributors. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.1 billion. For more information, visit saic.com.