IT Systems Security Engineer

Job Description

Description

SAIC is seeking a well-qualified Security Engineer to join an exciting program supporting our customer's Office of Security. This position is located in Springfield, VA.

This program is able to quickly adjudicate a polygraph for those with an active TS / SCI clearance. An active TS / SCI is required to be considered for this role.

This position will be responsible for the following :

• Develop, update, and or review Risk Management Framework (RMF) documentation to include (Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports.
• Assess system compliance against National Institute Standards and Technology (NIST), Department of Defense (DOD), and customer Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRG).
• Produce evidence as necessary to compliance status of NIST, DOD and customer security requirements as necessary to meet government requirements.
• Work with system administrators, engineers, and developers to create or update system / site policies, procedures, and process guides.
• Coordinate with other SME's, internal, and external customers to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories.
• Analyze vulnerability scans of information systems and assist in remediation tasks.
• Conduct risk and vulnerability assessment of information systems to identify vulnerabilities, risks, and protection needs.
• Facilitate or participate in meetings with stakeholders to discuss statuses and efforts of SIS systems and report to government on findings.
• Prepare and submit bi-weekly reports to team leads and government engineering team regarding system / program status.
• Serve as a Subject Matter Expert (SME) on one or more technologies / skills related to Assessment & Authorization (A&A) activities.
• Actively facilitate and participate in regular A&A status meetings with government and task order personnel to facilitate progress and address potential issues of RMF system efforts.
• Participate in sessions aimed and identifying, planning, and executing strategies in response to emerging cybersecurity RMF policies.
• Maintain industry awareness and knowledge of evolving security and risk management standards to include DOD, and customer policies, procedures and regulations and communicate and apply relevant changes to existing processes.
• Ensure proper use of remote access connectivity from the customer to Background Investigations systems approved by the customer's CIO-T office, and maintained in accordance with NGA's policy and procedures.
• Ensure File Transfer Protocol (FTP) connections from the customer to the Background Investigation system meets NGA and NIST requirements.
• Ensure site to site Virtual Private Network (VPN) tunnels are established based on NGA and DOD requirements.
• Ensure customer approved documentation of all interconnections with systems in the SIS footprint connected to customer infrastructures.
• Conduct audits on computer systems to detect, prevent, and record computer use and abnormalities, Report to Information System Security Officer (ISSO) or Information System Security Manager (ISSM) any attempts by non-authorized users to access SIS systems and provide monthly logs to the customer.
• Ensure data is being protected in accordance with NGA and DOD policies, standards, regulations, and procedures for the SIS specified systems.
• Coordinate the use of multiple security countermeasures to protect the integrity of the information assets in SIS systems enterprise i.e. firewalls, access control, auditing etc. In accordance with accreditation standards using NIST's Intelligence Community Directive (ICD) 503
• Develop, update, ensure security policy and procedures follow the accreditation standards using the NIST'S ICD 503, Risk Management Framework (RMF), and categorizing methods
• Ensure the protection of the security system through implementation of security controls that protect against malicious behavior to include intrusion, tampering and virus detection
• Ensure documentation of specific equipment restrictions, to include documentation on all interconnections required for all SIS systems
• Ensure no personal computers, peripherals or other agencies computers, not authorized by customer CIOT, will be used across interconnection or on customer Networks

Qualifications

Skills and Experience Required :

Desired :

Overview

SAIC accepts applications on an ongoing basis and there is no deadline.

SAIC® is a premier Fortune 500® mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, civilian and intelligence markets includes secure high-end solutions in mission IT, enterprise IT, engineering services and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives.

We are approximately 24,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.5 billion. For more information, visit saic.com. For ongoing news, please visit our newsroom.