Information System Security Engineer

GDIT is your place. Make it your own by discovering new ways to apply the latest technology securely and expertly. Own your opportunity at GDIT and you’ll be a meaningful part of improving how agencies operate. Our work depends on an Information Systems Security Engineer joining our team.

At GDIT, we foster a people-centric environment. As an Information Systems Security Engineer, you will be responsible for capturing and refining information security requirements and ensuring their integration into information technology component products and information systems through purposeful security design or configuration. You will work closely with other project managers and various software engineering, infrastructure, and technical operations teams to assess requirements, coordinate resources, and deliver information security updates for the customer.

The ideal candidate will have experience performing industry-standard ISSE tasks, as well as experience in tailoring standard process lifecycles to function effectively in a small, fast-paced environment. S/he must have strong written and verbal individual and organizational communication skills and the ability to articulate technical project requirements to both customers and internal teams.

KEY RESPONSIBILITIES

• Participating in high-level enterprise architecture analysis, evaluation, design, integration, documentation, and development to include security control design and security package documentation.

• Understanding, implementing, documenting, communicating, and assessing NIST 800-53 security controls

• Documenting security control implementations and the respective systems, applications, tools, devices, etc. that are part of the comprehensive solution.

• Identifying the artifacts that demonstrate security controls are implemented as documented.

• Analyzing security controls and the impact major and/or significant changes would introduce to the environment.

• Researching remediation options for findings or vulnerabilities identified for security controls.

• Assessing and/or authorizing systems in accordance with the Risk Management Framework (RMF).

• Applying high-level business and technical principles and methods to very difficult technical problems to arrive at creative information

• Recommending, taking action, and documenting the solution to direct the analysis of IA/security control-related issues.

• Supporting the IA functions and related security controls for the services deployed above the hypervisor to customers in the DOD on-premise and cloud based offerings.

• Consulting with customers in the DOD on-premise and cloud based offers on authorizing their systems through DOD RMF.

 EDUCATION AND EXPERIENCE

• Active Secret Clearance

• Bachelor’s degree in a related business or technical discipline (Systems Security Engineering, Software Engineering, or Computer Science, etc.), or the equivalent combination of education, technical training, or work/military experience

REQUIRED QUALIFICATIONS

• 5+ years or relevant experience.

• Ability to work closely with stakeholders, developers, and external teams including customer security managers (ISSMs), organizational leadership, and key personnel.

• Identify requirements for documentation associated with system categorization, the System Security Plan, and systems risk assessment as required under NIST 800-53/53A.

• Previous experience completing customer Assessment and Authorization (A&A) process from start to end.

• Demonstrated on-the-job experience with RMF implementation and tracking tools like Enterprise Mission Assurance Support Service (eMASS).

• Assess system compliance with NIST requirements, identifying weaknesses and evaluating planned remedial actions based upon those requirements.

• Support control implementation assessment and reporting and monitoring processes using cyber security and assessment management systems.

• Understanding of perimeter controls (firewalls), access control mechanisms, and network architectures.

• Strong understanding of methodologies for researching and documenting software and hardware vulnerabilities.

• Skilled in cross-team collaboration and effective communication to fulfill specific accreditation requirements.

• Strong verbal and written communication/cooperation within a team context.

• Ability to work within fast-paced customer environments.

• Demonstrated skill documenting processes and procedures in CONOPS, system security, contingency, configuration management and other plans.

• Demonstrated ability to facilitate customer concurrences required for risk-based decisions requiring waivers.

• Experience assisting the customer with decisions impacting the security posture and compliance of their systems and networks with requirements as documented in NIST 800-53 and its revisions.

• Excellent verbal and written communication skills.

• Experience with Microsoft Office tools like PowerPoint, Word, Excel, etc.

• Secret and must be able to receive favorable Top Secret / SCI adjudication.

• Senior level positions require 5+ years of related experience and DoD 8570.01 IAM Lvl III certification.

• Travel required.

 DESIRED QUALIFICATIONS

• Certified Information Systems Security Professional (CISSP) or DoD 8570.01-M IAM Lvl II certification.

• Demonstrated on-the-job experience with Jira Software for planning and tracking projects.

• Knowledge of the US Military, their network systems and infrastructure, processes and procedures, and request and approval tools.

• Skilled with and/or demonstrated technical aptitude with vulnerability and risk assessment tools such as Elasticsearch or Splunk SIEMs, ACAS (Nessus), and ESS (HBSS).

GDIT IS YOUR PLACE:

• 401K with company match

• Comprehensive health and wellness packages

• Internal mobility team dedicated to helping you own your career

• Professional growth opportunities including paid education and certifications

• Cutting-edge technology you can learn from

• Rest and recharge with paid vacation and holidays