Canfield Cybersecurity Group is looking for an experienced information security system engineer to support an upcoming contract with the Defense Information Systems Agency. This position will provide independent validation and verification to ensure that DISA capabilities are following policy, such that the capabilities are cyber secured.
Please note that this position is contingent upon contract award.
- 10 years of specialized experience in the field of information systems security engineering.
- Hold an active Secret clearance.
- Information Assurance Systems Architect and Engineer (IASAE) Level III certified in accordance with DoD 8570.01-M
- Expert knowledge of information security architectures and infrastructure including network designs, web services, application services, databases, directories, cloud technologies, virtual environments.
- Strong background in cybersecurity DoD standards;e.g. National Institute of Standards and Technology (NIST) Special Publications (SP), DoD Memorandums, Security Technical Implementation Guides (STIGS), Committee on National Security Systems (CNSS), DoD Instructions, Internet Engineering Task Force (IETF), Risk Management Framework (RMF) and other DoD and commercial standards.
- Capable of communicating cybersecurity policies and principals at all levels of the organization; prepare/present briefings to senior management officials on complex Information Security issues.
- Able to collaborate closely with systems engineers, developers, contractors, program management offices to mitigate design risks and to recommended solutions to address security flaws identified in system designs. Evaluate and provide oversight on security architectures and design requirements in all phases of the system lifecycles.
- Demonstrated expertise in bridging the gap between high level DoD and Commercial security policies and best practices to the technical and operational implementation of those requirements. Focus on porting requirements to cutting-edge technologies such as Docker Containers, Infrastructure as a Service (IaaS), etc.
- Capable of utilizing engineering experience to develop robust technical solutions and identify security tools to aid mitigating security vulnerabilities and creating repeatable processes.
- Able to provide feedback on the STIG recommendations identified by the material developer. Ensure that the developer understands the requirements and the proposed design is compliant with requirements identified in these STIGs.
- Capable to lead and conduct Security Engineering Reviews (SERs) for the purposes of verifying all IA aspects of the design and ensuring the developer understands the requirements.
- Experienced in conducting analysis of software for risk assessment and approval into the software baseline (Open Source Software (OSS), commercial off the shelf (COTS), reuse of government off the shelf (GOTS), freeware, shareware, mobile code).
- Experience in participating in the Cybersecurity Validation Hot Washes, Cybersecurity Team meetings, and the Cyber Security Assessment Readiness Review (CSARR) meetings.
|Job Category||Information Security System Engineer to Support(ISSE)|