Information System Security Engineer

About

SAIC is seeking an Information System Security Engineer (ISSE) to provide information security support. This position is in McLean, VA and requires an active TS/SCI clearance with Polygraph.

This Customer's office is the force of choice for the development of global infrastructure and delivery of solutions that drive influence operations. If you have specialized skills in information security and tech ops, this is the role for you.

Responsibilities

• Support the Lifecycle Assessment and Authorization (A&A) process.
• Develop a Systems Security Plan (SSP).
• Assist and maintain a formal Information Security Program that includes recommendations on continuous improvement of the processes and architectures.
• Maintain and make accessible documentation of all operational and business process activities in the form of Standard Operating Procedures (SOPs).
• Monitor and track projects in the A&A queue.
• Analyze SSPs to develop an understanding of the customer's systems and applications.
• Coordinate A&A actions and system testing with appropriate security personnel.
• Develop risk assessments, recommend mitigating countermeasures, and write short, succinct risk assessments, and certification reports for submission to the Chief Information Officer (CIO).
• Monitor and track projects in the A&A queue.
• Maintain a document repository where A&A project documentation is stored and recorded and register actions concerning project approvals to operate in the A&A database.
• Assemble and submit A&A packages to the Principal Accreditation Authority or Designated Accreditation Authority.
• Review and approve product requests for procurements.
• Provide security guidance in terms of policy and technical implementation of those policies.
• Produce and assist with production of technical artifacts required for A&A packages such as a System Security Plan, Audit Strategy.
• Configuration Management Plan, Security Controls Traceability Matrix, Project Plan of Action and Milestones.
• Monitor and address cyber risks such as malware, zero-day attacks, denial of service attacks, as well as associated mitigations regarding computer and network devices.

Qualifications

• Active TS/SCI with Polygraph.
• Bachelor's degree and 14 years or more experience; Master's degree and 12 years or more experience; PhD and 9 years or more experience.
• CISSP Certification.
• Demonstrated experience with:
  • Computer networking in Windows AND Linux.
  • Website configuration.
  • Basic software development knowledge.
  • Eliciting information on complex technical problems from non-technical personnel for use in diagnosis, analysis, resolution of problems.
  • Customer regulations and standards, including Information Security (INFOSEC) and Communications Security (COMSEC).
  • Managing security aspects of deployed infrastructure and technical solutions.

Desired Skills

• Demonstrated experience with Rapid7, WebInspect, AppDetective, CIS-CAT, and other vulnerability assessment tools and processes.
• Information security certifications such as CISSP, CISSE, CISA, CEH, CCSP, etc.
• Demonstrated experience with computer and network vulnerabilities (e.g., malware, zero-day attacks, denial of service attacks, etc.).