Your essential job functions will include but may not be limited to:
- Understanding operational needs of systems at varied stages of the SDLC through participation in acquisition meetings (PMR, PDR, CDR, etc.) and concept of operation (CONOP) working groups.
- Designing and developing security requirements that drive down risk while maintaining operational capability.
- Working between architecture-level and implementation-level engineering meetings to maintain a system-wide view of security functions and apply risk mitigation strategies at the appropriate level.
- Guiding and verifying defense contractors’ work against program requirements and goals. This includes participating in technical discussions, trade studies and working groups, and conducting research on industry best practices for potential implementation.
- Interfacing with program managers to explain security goals and mitigations relative to their priorities of cost and schedule.
Due to a long-standing relationship, this position also includes Security Control Assessor duties on behalf of the Authorizing Official (AO).
- Select and tailor controls from the NIST SP 800-53 control catalog in view of system needs and constraints.
- Review system and network artifacts and conduct assessments against selected control baselines, assessing residual risk and providing recommendations to the Authorizing Official.
- Evaluate software and hardware prior to entry to networks.
Qualifications:
- 10-15 years of related technical experience.
- Firm understanding of the DoD 8500.1-M, Joint SAP Implementation Guide (JSIG), and National Institute of Standards and Technology (NIST) Special Publication 800-53.
- Demonstrated ability to assess and articulate risk, including to non-technical audiences.
- Demonstrated history of finding unique mitigations to varied systems’ security challenges.
- Demonstrated technical proficiency in at least one area of security (e.g. communications, networks, embedded systems, software, system testing or assessment, etc.).
- Strong research skills and a desire to learn new (emerging OR existing but unfamiliar) technologies.
- Strong communication skills, written and oral.
- Able to travel ~30% of time for program meetings.
- Experience with: Special Access Programs, acquisition programs, software engineering or code review.
- IAM II (e.g. CISSP, CISM)
- DESIRED: Sub-field specific certifications. For example – cloud (e.g. CCSP, AWS Solutions Architect), offensive security (e.g. OSCP, GPEN), operating systems (Microsoft/Linux administration), etc.
- Bachelor’s Degree in Computer Science, Computer Engineering, Software Engineering, Electrical Engineering, or related engineering discipline.
TS/SCI required. On-site in Washington D.C.