More About the Role:
The candidate provides Systems Security Engineering (SSE) designs and implementation in all aspects of Information Assurance Engineering. Assesses and mitigates system security threats/risks throughout the program life cycle; validates system security requirements definition and analysis; establishes system security designs; implements security designs in hardware, software, data, and procedures; verifies security requirements; performs system certification and accreditation planning and testing and liaison activities and supports secure systems operations and maintenance.
What You'll Get to Do:
Balance security, compliance, performance, power and cost for a diverse portfolio of embedded devices.
Evaluate the security of new product designs and analyze vulnerabilities and threats.
Support the implementation and administration of information security policies, procedures, and technologies to ensure the protection of systems, applications, and data on NASA NEST.
Provide professional security services for IA/Cybersecurity in accordance with US Government (USG), and NIST policies and guidelines.
Provide the necessary support to monitor and ensure compliance with information security policies, procedures and regulatory requirements including assistance with internal auditing, reporting, technical reviews, and identification of security risks.
Provide technical assistance in support of Cybersecurity inspections and Site Assistance Visits (SAV).
Assist with drafting, reviewing, editing, and recommending guidance for Standard Operating Procedures (SOP), Plan Of Action and Milestones (POA&M), and Federal Information Security Management Act (FISMA).
Support network and infrastructure accreditations.
You'll Bring These Qualifications:
- Requires BS Degree and 4-8 years of prior relevant experience or Masters with 2-6 years of experience.
Experience running and managing vulnerability assessment tools.
Excellent verbal and writing skills and the ability to write clear and concise assessment reports.
Be able to execute in a high-pressure environment with tight timeframes.
Prior experience executing vulnerability assessment activities such as vulnerability scans, penetration tests, and application security code reviews.
Technical security certifications preferred, such as GPEN, CISM, and/or CISSP.
Displays a proven track record in executing vulnerability assessment activities.
These Qualifications Would be Nice to Have:
Scripting experience/knowledge (bash, Powershell, VB, etc.).
Basic understanding of network protocols.
Familiarity with Vulnerability scan reporting.
Good Analytical skill set (Root Cause Analysis, analyzing scan data).
Knowledge of Incident Response procedures, forensics.
Some/Any programming knowledge.
Knowledge of how to create or apply GPOs (either local or domain).
Know different Microsoft patching processes and how they work.
Knowledge of NAC.
How to analyze a "quarantined" system and remediate what NAC could not perform.
Operating System knowledge and/or certifications.
Industry recognized certification in security (e.g., CISSP, CISA, CISM, CEH, etc.