SAIC is looking to fill a position for a Computer Security Systems Specialist to analyze and define security requirements for MLS issues. Design, develop, engineer, and implement solutions to MLS requirements. Guide effort to gather and organize technical information about an organization's mission goals and needs, existing security products, and ongoing programs in the MLS arena. Perform risk analyses which also includes risk assessment. Develop security standards.
The primary role of this individual will be to service as the Information Systems Security Officer (ISSO) for customers emerging cloud technologies and services. In this capacity you will work with other security and IT professionals to assess and determine how best to configure the information system to conform to NIST 800.53 security baseline. You will work with internal and external audit teams to assure them and NNSA oversight that the system is operating as designated to maintain Authority to Operate (ATO) status.
Additional responsibilities will include engaging with IT organizations to provide information and guidance in regard to Cloud Computing operations and obtaining approvals for applications and containers to operate in the customers cloud architectures, active participation in a cross complex classified collaboration effort, participation is strategic planning activities, working with Sandia's mission\business organization to identify areas where investments made by this team in on-premises and off-premises solutions can be leveraged by the Cloud Computing team.
PRIMARY JOB DUTIES:
- Identifies information security requirements and ensures they are effectively integrated into information technology component products and information systems through purposeful security architecting, design, development, and configuration.
- Conduct research in cyber security technologies to discover and test methods of securing the cyber environment, including encryption, authentication, identity and access management, vulnerability assessment, penetration testing, and intrusion detection.
- Develop acceptance criteria for cyber security architecture.
- Define security objectives and system-level performance requirements.
- Identify best practices when implementing security controls within an information system including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques.
- Work with oversight officials to achieve effective information assurance in support of program and project mission requirements. Ensure effective security solutions through auditing, risk-assessment, and self-assessment efforts as required by law, policy, or security plans.
- Research or develop methodologies for conducting digital/electronic forensics, intrusion detection, insider threat monitoring, risk management, and incident response and remediation.
- Coordinate cyber security-related activities with information security architects, senior information security officers, information system owners, common control providers, and information system security officers.
- Act as a cyber security subject matter expert to address customer questions and concerns.
- BS/BA in IT-related field (i.e. Computer Science, Information Technology, Information Assurance) plus five (5) or more years' experience or 10 years or more of related experience in lieu of degree)
- Experience in various cyber security, IT, and mission/line work areas within highly regulated Entity.
- Experience in effectively implementing accrediting agency cyber security requirements and orders, including understanding best practices and National Institute of Standards and Technology (NIST) principles.
- Candidate can work remotely but will be required to travel to the customer's work site several time a year.
- Candidate can start uncleared but must be able to obtain a DOE Q Clearance
- Prior experience as an Information Systems Security Officer (ISSO) or as a Security Control Assessor (SCA)
- Broad technical knowledge in the following areas:
- Virtualization and/or Cloud technologies
- Windows, Unix and Linux operating systems
- Risk management and assessment procedures
- Network security and architecture
- Wired and wireless security
- Enterprise and security architecture
- Experience in one or more of the following: cloud security, cyber vulnerability assessment, penetration testing, intrusion detection systems and countermeasures, network protocols and monitoring, host forensics and memory forensics, network traffic analysis.
- Demonstrated ability to deliver results
- Demonstrated experience working in roles with Audit and Accountability responsibility
- Demonstrated ability to team
- Experience and/or achievements that demonstrate the knowledge, skills and ability to perform the duties of the job.
- Demonstrated ability to team effectively in a collaborative research environment and across technical disciplines.
- A subset of the following:
- Familiarity with OpenStack.
- Understanding of containerization technologies, such as Docker.
- Understanding of continuous integration software, such as Jenkins.
- An understanding of software development processes in an Agile environment.
- Familiarity with different programming languages and methodologies.
- Familiarity with application profiling and system performance tuning.
- Knowledge of white, gray, or black box testing techniques.
- Experience with vulnerability assessment tools, such as Tenable Security Center and Nessus scanners.
My SAIC Benefits.