The Lead Information Security Engineer is a member of the United States Army G-2 and United States Army Forces Command (FORSCOM) Information Assurance team that is responsible for delivering security requirements and coordinating information security risk assessments to ensure compliance with DoD policy, standards, procedures and industry best practices. The Lead Engineer in Systems Engineering is responsible for administrating and integrating security infrastructure, including security event feeds, event processing, and asset intelligence tools. The Lead Information Security Engineer works with the developers and system owners to ensure the systems comply with Federal Information Security Management Act (FISMA), NIST, DoD, and Intelligence Community requirements, as applicable. This is done by employing well-defined security policy models, structured, disciplined, and rigorous hardware and software development (and testing and certification) techniques, and sound system/security engineering principles. Assurance is also based on the assessment of evidence produced during the initiation, acquisition/development, implementation, and operations/maintenance phases of the SDLC (Software Development Life Cycle).
Perform as the Information Systems Security Manager (ISSM) for Federal systems. Lead security authorization processes and procedures. Recommend security best practices and system configuration standards.
Write System Security Plans, Plan Of Actions and Milestones (POA&Ms), Risk Assessments, Privacy Impact Assessments (PIAs), and supporting documentation for systems subject to NIST SP 800-53. Achieve and maintain ATO (Authority To Operate), as required. Develop, implement, and evaluate security Concept of Operations (CONOPS), System Security Plans and to satisfy Certification and Accreditation requirements in accordance with NIST 800-53, FISMA, Risk Management Framework (RMF) and other government guidelines, as required. Writes BC (Business Continuity)/DR (Disaster Recovery)/CP (Contingency Plans)/COOP (Continuity of Operations) plans, test plans, and test reports for federal systems. Advises leadership on cyber security risk management, security strategy, security project planning, and security architecture. Perform scans, review the results, and write necessary reports and plans.
Conduct periodic reviews to ensure compliance with established policies and procedures ensuring all software, hardware and firmware changes recorded as required by established configuration management procedures
Ensure systems are operated, maintained and disposed of in accordance with applicable governing policies and procedures
Perform IS security briefings, report all security incidents and investigate, document and report, as well as provide protective and corrective measures in response to such incidents. Coordinate and participate in special projects concerning information security, including testing and implementation of security software enhancements.
Develop, facilitate, and present information security awareness and security training on various customer and corporate security policies
Maintain a broad knowledge of technology, equipment and/or systems to include the configuration, maintenance, analysis and use of computer forensics tools, steganography and metadata tools, audit reduction tools, firewalls, various operating systems, and phone switches. Interface with appropriate government agencies, company management and employees, customers, vendors, and suppliers to ensure understanding of and compliance with security requirements
Undergraduate degree in Computer Science Engineering, Management Information Systems, related field, or equivalent experience.
7 years of relevant experience with Certification and Accreditation (C&A) or Assessment and Authorization (A&A).
Any DoD 8570 approved baseline certifications (e.g. CISSP, CEH, CAP, CISM)
Technical Writing Experience (creating/updating IA policy & procedure documentation), Excellent written and verbal communication skills with strong presentation abilities, Must be able to work well on independent engagements as well as within a team setting, Strong client presence and interaction abilities
Excellent understanding of common computing platforms, including Windows Server, RedHat Linux Server, and vendor specific appliance support.
US-Fort Bliss-TX-EL PASO