SENIOR INFORMATION SECURITY SYSTEMS ENGINEER - Rochester, New York (USA) FTE (Full-Time Employment)
Job Location: Rochester, NY
Experience in Static Application Security Testing (SAST) for Application Security and Development STIG compliance using tools such as Fortify and Twistlock as part of a DevSecOps Continuous Integration/Continuous Deployment (CI/CD) pipeline, and generation of summary reports.
Experience in AF IC & ICD 503 Risk Management Framework (RMF) accreditation and authorization (A&A) processes to include RMF steps 1-4 (categorization, controls selection, control implementation, security assessment) and standard body of evidence (BoE) package development.
Understanding of security control inheritance in terms of IaaS, PaaS and SaaS relationships.
Experience with A&A package processing in Xacta.
Experience in C2S & SC2S Cloud authorizations, FedRAMP and DISA CSP requirements.
Experience in DoD software selection and approval processes for COTS, GOTS and FOSS.
Experience in the application of DISA SRGs and STIGs in a cloud-deployed Linux environment with containerization.
Support security engineering activities, including basis of estimate development, requirements development, design, test, configuration management and maintenance of information systems and data.
Assist program security in the development of policies and procedures for emerging security technologies.
Support vulnerability assessment activities as required.
Support the evaluation, qualification, testing and delivery of security architecture improvement, obsolescence replacement and vulnerability response projects.
Must have the ability to work remotely due to COVID-19 (SARS-CoV-2) (up to 75%). Work will be performed onsite when required.
Education: Top Secret / SCI security clearance required.
Bachelor’s Degree and minimum 6 years of prior relevant experience, or
Graduate Degree and a minimum of 4 years of prior related experience.
DOD 8570.01M IAT 2 certification.
Preferred Additional Skills:
Experience in Model-Based Systems Engineering (MBSE).
Linux system administration skills.
Experience in the content development and administration of SIEM/audit reduction tools (e.g., Splunk).
DOD 8570.01M IASAE 2 or IAT 3 certification is desired.
Strong understanding of engineering processes, concepts and information security systems engineering principles (NIST SP 800-160 Vol. 1).
DB and web server security (PostgreSQL & Tomcat).
System test and evaluation methods and RMF assessment methodology & process.
Experience in Cyber Defense technologies.
Experience in configuration and use of cyber defense and vulnerability assessment tools such as ACAS and SCC.
Understanding of system vulnerabilities and exploitation.
SKILLS AND CERTIFICATIONS [note: bold skills and certification are required]
Security Clearance Required: Yes
Visa Candidate Considered: No
Benefits - Full
Relocation Assistance Available - Yes
5+ to 7 years experience
Seniority Level - Mid-Senior
Management Experience Required - No
Minimum Education - Bachelor's Degree
Willingness to Travel - Never