Principal Information Systems Security Engineer

Company: DPG Solutions, LLC
Location: Aurora
Posted on: March 19, 2023

Job Description:

Position Details: Principal Information Systems Security Engineer Location: Aurora, CO Openings: 1 Salary Range: $110,000 - $160,000 Description:Information Systems Security Engineer (ISSE):DPG Solutions -has an immediate career-growth -opportunity for a -collaborative -and highly skilled Information Systems Security Engineer.The ISSE will join our Tech Ops IV program engineering team in Aurora, CO, -supporting -a high priority 24x7 operational system. The ISSE performs core activities to include providing certified -services -and -support -for Information Assurance/Program Protection efforts for compliance with governing DoD Cybersecurity directives. This position will -support -activities of the program to target, assess, and report -risks -and -vulnerabilities -of Intelligence -Community organization -systems in order to provide senior -decision -makers with actionable data to make strategic decisions. The ISSE shall perform, or review, technical security assessments of computing -environments -to identify points of -vulnerability -and non-compliance with established Information Assurance (IA) standards, regulations and recommend mitigation strategies. This position is -responsible -for the maintenance and administration of multiple domains, including a 24/7 operational system and a test facility. Must be willing to occasionally provide after hour -support -to the 24/7 operational system.Duties and -Responsibilities:Implement Information Assurance (IA) processes, provide guidance, and -develop -documentation throughout the system development life-cycle via the RMF resource in ServiceNOW.Develop, implement, and document formal security policies and System Security Plans (SSP) throughout the program and monitor compliance to these policies during all phases of the -Risk -Management -Framework (RMF) process.Utilize -Enterprise -Security -Services -to provide analysis of -vulnerabilities -and compliance -risks -in ACAS, -Enterprise -IT audit logs in ArcSight and Splunk, McAfee Host-Based Security -Services -(HBSS), User Activity Monitoring (UAM), and Cyber Terrain Mapping (CTM) on 100+ nodes.Monitor Heat Map Score matrix and evaluate cyber -risk -data, keeping the score at acceptable -risk -levels for the security categorization of the asset(s) and their -Risk -Evaluation Lanes (REL).Care -for and deliver system authorization and accreditation packages, for 4 assets that span 3 different classification levels.Review and make recommendations on program-level documentation (e.g., requirements specification, system architecture, design documents, test plans, security plans, etc.).Assess/calculate -risk -based on threats, -vulnerabilities, and shortfalls uncovered in routine analyzation of Continuous Monitoring (ConMon) controls and provide those results as Body of Evidence (BoE) to be evaluated in 7, 30, 90 and 365 day increments as the control metrics require.Direct -activities desired to remediate system-level information security weaknesses tracked via the FISMA (POA M) process. Document the elements of the plans, milestones for correcting the weaknesses, and scheduled completion dates for the milestones, periodically reporting remediation progress as necessary.Brief guidance, as -needed, on the status of action items and/or results of activities affecting the security posture of the program.Able to -collaborate -and communicate effectively with other system engineers, system administrators, software developers, and information assurance professionals.Qualifications:Minimum 5 -years' experience, in a security position for the government or government contractor in the Intelligence -Community -(IC).A Bachelor's Degree in Information Technology, Information Systems Security, Cybersecurity, or related field.DoD 8570.01 IAT level 2 or greater cybersecurity certification per DoD 8570.01Experience in security systems engineering -involving -Linux and CENTOS operation systems and application -solutions -in both -stand-alone and LAN/WAN configurations.Must be a US Citizen with current/active -TS/SCI with polygraph.Required -Skills:Minimum of 10 -years' related experience in Cybersecurity, Systems or Software Engineering, for the government or government contractor, if other than IC position.Experience developing Security Authorization Requirements, performing -vulnerability -assessments, and implementing -threat -mitigation updates on embedded systems and products.Experience configuring and hardening COTS components with STIGs.Continuous Monitoring and Network monitoring experience.Experience with product development including architecture, requirements, design, integration and testing.Experience with compliance implementation of security requirements (i.e. -Risk -Management -Framework and other A A processes).Experience participating in technical reviews with both external and internal -customers.Coordinate with ISSO/ISSM to update POA M and reflect open -vulnerabilities -associated with servers and workstations, -develop -remediation plans to include milestone completion dates and status updates, and include mitigation process for closed -vulnerabilities.Participate in Configuration Control Board (CCB).Desired Skills:Experience using DISA Security Technical Implementation Guides (STIGs).Experience -onboarding -assets to centrally managed -Enterprise -solutions.Experience conducting -risk -analysis on products and system components through review of CVEs, plugins, IAVAs.Experience in conducting software due -diligence -with COTS/GOTS and proprietary -solutions.Positive, self-motivated -individual -who can complete tasks -independently.Experience with multi-level security -solutions.Experience working in Systems Engineering on -complex -embedded systems.Required -Education (including Major):Bachelor's Degree in Engineering, or related Science, Technology, Engineering, Mathematics (STEM) degree program.10 -years' experience in lieu of formal degree.

Keywords: DPG Solutions, LLC, Aurora , Principal Information Systems Security Engineer, IT / Software / Systems , Aurora, Colorado