Information Systems Security Engineer
The candidate will provide system and security engineering support and technical services support to Naval Surface Warfare Center Philadelphia Division (NSWCPD). The effort includes HW/SW IV&V, creation/revision/maintenance of RMF A&A Package artifacts and supporting the accreditation process from Step 1 thru Step 6 as needed.
- Must be a US citizen
- Must have an active Secret security clearance (verifiable in JPAS)
- Must be IAT Level II compliant
- Must have CompTIA Security+ Certification
Essential Functions and Responsibilities (will include but not limited to):
- Processes a range of scheduled routines. In addition to operating the system and resolving common error conditions, diagnoses and acts on machine stoppage and error conditions not fully covered by existing procedures and guidelines. In response to computer output instructions or error conditions, may deviate from standard procedures if standard procedures do not provide a solution. Refers problems which do not respond to corrective procedures.
- Provide system engineering, and technical assistance support, as requested by Stakeholders.
- Provide on-site and off-site system engineers to assist with the acquisition, integration, and certification of systems and components under the purview of the Program.
- Provide Systems Engineering Support for Hardware/Software and Independent Verification and Validation (IV&V).
- Review and comment on Program documentation and key processes (e.g. Drawings, Data Item Descriptions, Contract Data Requirements Lists, Concept of Operations, Integrated Support Plan, Software Acquisition, Development and Integration Plan, Software Requirements Specification, and asset design drawings/documentation).
- Assist in the development of a hardware Configuration Management (CM) plan, which is consistent and compatible with current U.S. Navy hardware CM practices. Provide CM reports as required in support of Integrated Product Teams and the project manager.
- Assist in the development of a Systems Engineering Risk Management Plan including the stand-up and operation of a Risk Management Board (RMB) that is consistent and compatible with current U.S. Navy Risk Management practices where applicable.
- Develop and maintain a Plan of Action and Milestone (POA&M) for all IA-related tasks and deliverables in accordance with the Security Technical Implementation Guide (STIG)
- Develop Risk Assessment Reports (RARs) based on vulnerability test results, automated scan reviews, Assured Compliance Assessment Solution (ACAS) scans, and other DoD-mandated assessment-utilities.
- Document A&A-information in the A&A Package consistent with all other Packages, and ensure that there are no omissions
- Input reports in eMass, or deliver in MS Office-products/Visio formats, as appropriate.
Required Education, Skills, and Experience:
- Secret Security Clearance
- CompTIA Security+ Certification
- Experience working in Unix/Linux environments
- Experience with security features and/or vulnerability of various operating systems as defined by NSA, NIST, DISA (STIGS) and USCYBERCOM.
- Experience with IA vulnerability testing and related and system test tools: e.g. NMap, ACAS/Nessus, Security Content Automation Protocol (SCAP)
Preferred Education, Skills, and Experience:
- Bachelor’s degree
- Four (4) years of related technical experience
- Two (2) years’ experience with DIACAP or RMF package creation