|Senior, Security Assessment and Authorization Engineer|
|USA VIRGINIA Reston|
Entering ManTech s 50th year, we hold the distinct honor of being named a Top 100 Global Technology Company by Thomson Reuters. We have earned this and many other accolades over the years for our dedication to serving the missions of our nation s most important customers: U.S. Intelligence, Defense and Federal Civilian agencies. All know us as a trusted partner offering best-in-class solutions in cyber, data collection & analytics, enterprise IT, and systems and software engineering tailored to meet their specific requirements.
Become an integral part of a diverse team in the Mission, Cyber and Intelligence Solutions (MCIS) Group. Currently, ManTech is seeking a motivated, mission oriented Senior Security Assessment and Authorization Engineer in Washington DC area, with strong Customer relationships. At ManTech, you will help protect our national security while working on innovative projects that offer opportunities for advancement.
The FSS Division provides cyber solutions to a wide range of Defense and Intelligence Community customers. This division consists of a team of technical leaders that deliver advanced technical solutions to government organizations. Our customers have high standards, are technically adept, and use our products daily to support their mission of protecting national security. Our contributions to our customer s success is driving our growth.
Role and Responsibilities:
Conduct Security Control Assessment Kick-off Meetings;
Prepare the Security Assessment Plans;
Conduct the Security Assessment Kick-off Meeting;
Conduct Security Assessment via document examination, interviews and manual assessments;
Analyze automated scan results;
Populate the Requirements Traceability Matrix (RTM) with results of Security Assessment;
Perform Risk Analysis;
Create a Security Accreditation Report (SAR);
Create a Plan of Action and Milestones (POA&M);
Conduct Security Assessment Findings Meeting with the System Owner, ISSO and other system personnel as required.
Requires 25% travel.
Qualifications and Education/Certification Requirements:
The successful candidate will have 3+ years of Security Assessment and Authorization experience and a Bachelor s Degree is preferred. Must possess experience with NIST standards. This includes experience executing the full life-cycle of C&A activities including: defining the certification boundary, performing formal and technical risk assessments, developing and executing Security Test and Evaluation (ST&E) requirements, and developing Systems Security Plans (SSP) in accordance with federal and industry directives, guidelines, and best practices.
Technical writing experience (required):
Security assessment reports
Technical evaluation plans
Technical reports for technical audience (System Admin, Network Admin, Database Admin, Application Developers)
Technical reports for executive audience (System Owner, ISSO)
Ability to translate tactical issues and address them from a strategic perspective.
Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously; coordinating resources and ensuring scheduled goals are met.
Awareness of current information security and privacy issues and the ability to interpret the requirements of relevant policies and standards set forth in OMB memoranda and NIST documentation, specifically, 800-37, 800-53A, FIPS-199/200, and 800-30.
Ability to assess and weigh current and evolving security and privacy risks in an operational environment.
Proven problem management skills with the ability to think critically. Must be able to leverage technology and apply critical thinking to gather, aggregate, and analyze data, and present results to senior clients.
Ability to work effectively in a team management environment and participate in collaborative initiatives which foster the mutual exchange of knowledge and expertise.
Ability to make decisions and resolve problems effectively Seek out information and data to evaluate, prioritize and formulate best solution or practice.
Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.
Demonstrate leadership and foster collaborative team approach interacts well with front line and senior management providing consultation and expert advice on information security related topics.
Effectively navigate political landscape and build and strengthen relationships at all levels to include other divisions and government vendor partners.
Strong presentation and consulting skills.
Must be able to develop meeting agendas and materials as well as facilitate meetings with the client.
Strong verbal and written communication skills are required. Effective ability to effectively interact with various levels of senior management is necessary. Candidates must possess strong client interfacing and interpersonal skills.
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Secret Clearance may be required in the future.
|Requires Bachelor's degree or equivalent and five to seven years of related experience. Minimum of two years experience in technology/tools specific to the target platforms.|
|Preferred technical experience: |
Proficient in Windows and Linux operating systems
Working knowledge of nmap scanning (Slow Scans, Service detection, OS detection, namp Scipts)
Working knowledge of web aplication scanning tools (Burp, Nikto, Zap) and interpreting results.
Working knowledge of vulnerability scanners (Nexpose, Nessus) and interpreting results.
Working knowledge of using Nipper (network infrastructure parser) for different network devices and interpreting results.
Working knowledge of using database scanning tools (Appdetective, Scuba) and interpreting results.
Ability to complete manual configuration review for different operating system (Linux, Solaris, Windos XP, Windows 7, Windows Server 2003, Windows Server 2008, Windows Server 2012) based on the CIS benchmarks
Ability to complete manual configuration review for different database servers (MySql, MSSQL, Oracle) based on the CIS benchmarks.
Ability to complete manual configuration review for web application based on the OWASP and NIST guidelines.
|05-07 years w/Bachelors Degree |
|ManTech International Corporation is comprised of approximately 7,300 talented employees who use advanced technology to help government and industry meet some of their greatest challenges around the world. We adhere to the simple, no-nonsense values on which ManTech was founded more than four decades ago, aligning squarely with the mission objectives of our customers. As our customer base continues to expand and diversify, we continue to diversify our workforce and solutions. Nearly half our employees have a military background, and approximately 70 percent hold a government security clearance. As a leading provider of innovative technology services and solutions for the nation's defense, security, health, space, and intelligence communities; we hold nearly 1,100 active contracts with more than 50 different government agencies.|