Clearance Required: Secret-level (DHS or TSA access preferred but not required)
SITEC is seeking a Systems Security Engineer who would like to join our team in support of the customer. The Security Engineer would be responsible for supporting the customer as part of a small team co-located between Colorado Springs, CO and Annapolis Junction, MD. This will require close collaboration and interaction with team members between the two sites. The team interfaces directly with government leadership of the agency’s Technology Solutions Division. Candidates must have experience supporting senior government representatives and have strong communication skills. Due to the small size of the team and senior-level tasking, it is imperative that candidates be self-motivated and able to work autonomously to complete tasks and deliverables. The mission-critical nature of the position and task requires that candidates be passionate about cybersecurity, security engineering, and supporting the mission of the customer.
- CISSP certification
- 5 – 15 years of experience per the job description below
- Security Development lifecycle management
- Experience with a variety of Programming Languages including Java, PHP, C, .NET
- Experience with various Operating Systems including Windows, Linux and Unix
- Network+, CCNA, Linux+, CEH, ECSA, OSCP
- Experience with application security and testing
- Experience with web application vulnerability testing
- DevOps experience and/or background
- Review and analyze all system artifacts for accuracy and completeness in support of authorization to operate (ATO) requests.
- Conduct audits of completed remediation packages for Plan of Action and Milestones (POA&M) for completeness and compliance
- Draft document review and feedback on application of security and privacy requirements (e.g., technical review board (TRB), review of SPs, RAs, contingency plan, POA&M reports).
- Determine the impact of new technology or policy (e.g., CDM technologies, anomaly based tools, virtual environments, etc.) on the TSA information security program
- Recommend, develop, and maintain monthly, quarterly, and annual Federal Information Security Management Act (FISMA) reporting documents in TSA’s required format.
- Maintain and leverage existing Security scan tools and techniques including:
  - Tenable Security Center
  - AppScan Enterprise (including white and black box testing)
  - Burp Suite Pro
- Support implementation of new Security scan tools and techniques as necessary.
- Prepare responses to federal ad hoc reporting requirements. The contractor shall provide to TSA an accomplishment report of Ad hoc Security Engineering services provided.
- Prepare FISMA Reporting documents quarterly and annually.
- Report on FISMA Inventory and provide POA&M reports monthly.
- Develop alternatives of system designs and/or architectures which consider trade-offs between security requirements, functional/operational requirements and cost.
- Determine the impact of new or changing applicable federal policy changes.
- Determine the impact of new or revised legislation and regulations (OMB, HIPAA, FISCAM, etc.).
- Provide security engineering subject matter expertise in coordination with Enterprise Architecture and Technical Review Board to conduct technical review board program planning reviews related to future enterprise architecture updates and proposed information security mechanisms
|Job Category|ISSO/ISSE, IT Security, Software Engineer|
|Clearance Level Required|Secret|
|Years of Experience Required|5 - 15|