about 1 month ago
Job Description Job #: 7721
Title: Information System Security Engineer 3
JND - Data Center Services
ADDITIONAL POSITION INFORMATION:
ieSolutions is an Equal Opportunity Employer (EOE). M/F/D/V.
Security Clearance Requirement: Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. US Citizenship REQUIRED
This full-time contract position will be located in the Data Center Services (JND) organization under the Infrastructure Services (JN) organization within the IT department. The role of the Information System Security Engineer (SE) is to serve as a member within our client's Information Technology (IT) Operations teams, evaluating and engineering various technical, operational and management solutions to security problems related to approved IT projects. This position is responsible for engineering, planning, implementing, upgrading or monitoring security measures for the protection of computer networks and information. This position is located at our client's Headquarters in Portland, OR.
SPECIAL REQUIREMENT: This position requires confidentiality, professionalism and requires passing a higher level background investigation, for which the incumbent must qualify to hold or continue to hold the position.
Position Responsibilities include:
Note: all official drafts, documents, materials and recommendations, as listed below, must be reviewed, finalized and approved / accepted by appropriate manager and/or other federal personnel with the authority to do so.
Analyze risk of existing and proposed system architectures and their security policies.
Document risks and propose risk treatment plans for information systems. Alert Manager of any risks to our client's Systems.
Evaluate operating practices and documentation to confirm if controls and security measures are adequate.
Propose updates to technical control standards supporting the various platforms, systems, and environments.
Assist software engineers with implementing secure code development practices.
Assist Managers and application teams with implementing secure configurations of commercial off-the-shelf software.
Conduct vulnerability testing in all environments (development, test, and production). Notify the manager if vulnerabilities are detected.
Continually review system logs and monitoring tools for potential incidents.
At the request of the Manager and with the assistance of staff, act as a resource and provide innovative solutions by investigating, analyzing, and resolving highly complex security-related questions and problems.
Provide technical security support to the IT Operations staff and other IT teams.
Support IT System Security projects, coordinate efforts with team members, maintain proper communication to management as well as contribute to the overall success of the project through completion.
As requested by the Manager, communicate the importance of Information Security to cross-functional teams.
Promote collaboration, cooperation, communication and teamwork within IT Operations staff, and project counterparts outside of the team.
Perform risk assessments and facilitate tests of data processing systems to maintain proper functioning of data processing activities and security measures.
Provide training to Operations staff (including system, virtualization, and database administrators) and promote security best practices.
Minimum Education/Experience Requirements (education/experience combination must meet/exceed one of the following):
o Bachelor of Science Degree in Computer Science required, with 5+ years of related IT Security Engineer or equivalent experience.
o Bachelor's Degree in Information Technology plus post graduate work (Master's degree or above) in Information Technology or 5 years related experience can be substituted for Bachelor of Science in Computer Science.
o 10+ years of related IT Security Engineer or equivalent experience can be substituted for education requirements.
o Experience must include hands-on technical implementation of information systems commensurate with the professional certification of CISSP, SANS/GIAC, etc. The hands-on technical experience should have employed or leveraged technologies involved in information systems such as, but not exclusive of or limited to, Active Directory, MS SQL or Oracle, IPSEC, Operating system security configurations (DISA STIG, FDCC, CIS, etc.), WAN, LAN, and web services (Apache, Internet Information Server, etc.).
3+ years effectively performing security control implementation on networks, servers and systems and/or vulnerability assessments is required.
Experience in evaluating various different technical, operational and management solutions to security problems, using written language and various media to present alternatives and recommendations is required.
CISSP Certification is desirable.
SANS/GIAC Certification is desirable.
Ability to evaluate various different technical, operational and management solutions to security problems, using written language and various media to present alternatives and recommendations.
Ability to develop documentation sufficient to arrive at logical and comprehensive conclusions and recommendations. The documentation must be of a sufficient professional level to stand as an artifact for reuse as part of the security architecture.
Ability to work in hands-on technical implementation of information systems.
Ability to perform analysis of in-place technical and non-technical security controls protecting information and information systems.
Ability to clearly communicate results of discussion, artifacts and recommendations.
Familiarity with the System Development Life Cycle and the 800 series of National Institute of Standards & Technology (NIST) Special Publications (in particular 800-37, 800-39, 800-53, 800-53A, 800-94 and 800-115).
Knowledge of networking and internetworking (e.g. routing, switching etc.), computer and network device operating systems (e.g. Windows, Unix, Linux, IOS etc.), firewalls, and general security engineering concepts.
Knowledge of software and system development and architecture in support of security engineering concepts.
Knowledge of vulnerability research methodologies and sources.
Knowledge of United States (US) Government security authorization (certification and accreditation) policies and processes.
Knowledge of the Federal Information Security Management Act (FISMA) and its implementation through NIST 800-53.
Knowledge of security engineering.
Knowledge of security incident handling, response and follow-up.
Organization and information-gathering skills.
Possess advanced technical analysis skills.
Ability to perform successfully in a team environment.
Possess strong technical writing skills and verbal communication skills. Work non-core hours as circumstances warrant.
Provide guidance and input to technical reviews of proposed projects, and the certification and accreditation process.
Carry out assigned tasks with a professional demeanor, as exhibited in excellent written and oral communication skills, listening skills, patience, logical and sound reasoning, and problem-solving approach.
Apply technical and English language skills to communicate effectively via telephone, e-mail correspondence, and in-person meetings
Meet timelines, milestones, deliverables, and provide timely status updates on assigned tasks.
Support a sustainable infrastructure by maintaining adequate documentation of activities, including cross-training of employees as necessary.
Ensure proper identification of self as a contract worker in all communications, correspondence, etc.
This position requires confidentiality, professionalism and requires passing a higher level background investigation, for which the incumbent must qualify to hold or continue to the position.
The selected candidate will be required to sign a Non-Disclosure Agreement (NDA) as a condition of the contract assignment.
This position may be eligible for situational offsite work, subject to the completion of a Supplemental Labor Offsite Work Memorandum of Understanding.
RSA token shall only be utilized when conducting work directly related to the API. Any other work is unauthorized. Contract worker is responsible for the safe-keeping of the issued RSA token at all times. If the RSA token is lost or compromised, immediately contact the COTR. All information associated with work performed offsite must be maintained in the network environment. No client information will be allowed to be transmitted, stored and created, etc., on the contract worker's personal devices. Contract personnel must follow all client and government-wide security, asset management, and cyber security policies and procedures.
Up to 5% Overtime may be required.
Travel is expected (rough estimate of 5%) to meetings/trainings only.
Valid State Driver's License is required.
Computer Access:The work to be performed by the Security Engineer requires user level and at times privileged access to our client's IT networked and desktop systems, which may contain data and information falling under one or more of the following categories: Official Use Only (OUO)..... click apply for full job details
14 days ago
only 14 days until close
11 days ago
only 17 days until close