VariQ has an exciting opportunity for a highly qualified ISSE (Senior)to support the Defense Information Systems Agency (DISA) in Ft. Meade, MD.
Available upon award, currently in proposal/bid stage
Location: Ft. Meade and Contractor site
Security Clearance: TS/SCI
Salary: dependent upon experience
Shall have at least 10 years of specialized experience in the field of information systems security engineering (ISSE).
Shall be Information Assurance Systems Architect and Engineer (IASAE) Level III certified in accordance with DoD 8570.01-M (CISSP-ISSAP or CISSP-ISSEP)
Shall have expert knowledge of information security architectures and infrastructure including network designs, web services, application services, databases, directories, cloud technologies, virtual environments.
Shall have a strong background in cybersecurity DoD standards; e.g. National Institute of Standards and Technology (NIST) Special Publications (SP), DoD Memorandums, Security Technical Implementation Guides (STIGS), Committee on National Security Systems (CNSS), DoD Instructions, Internet Engineering Task Force (IETF), Risk Management Framework (RMF) and other DoD and commercial standards.
Shall be capable of communicating cybersecurity policies and principals at all levels of the organization; prepare/present briefings to senior management officials on complex Information Security issues.
Shall possess the ability to collaborate closely with systems engineers, developers, contractors, program management offices to mitigate design risks and to recommended solutions to address security flaws identified in system designs. Evaluate and provide oversight on security architectures and design requirements in all phases of the system lifecycles.
Demonstrated expertise in bridging the gap between high level DoD and Commercial security policies and best practices to the technical and operational implementation of those requirements. Focus on porting requirements to cutting-edge technologies such as Docker Containers, Infrastructure as a Service (IaaS), etc.
Capable of utilizing engineering experience to develop robust technical solutions and identify security tools to aid mitigating security vulnerabilities and creating repeatable processes.
Able to provide feedback on the STIG recommendations identified by the material developer. Ensure that the developer understands the requirements and the proposed design is compliant with requirements identified in these STIGs.
Capable to lead and conduct Security Engineering Reviews (SERs) for the purposes of verifying all IA aspects of the design and ensuring the developer understands the requirements.
Experienced in conducting analysis of software for risk assessment and approval into the software baseline (Open Source Software (OSS), commercial off the shelf (COTS), reuse of government off the shelf (GOTS), freeware, shareware, mobile code).
Experience in participating in the Cybersecurity Validation Hot Washes, Cybersecurity Team meetings, and the Cyber Security Assessment Readiness Review (CSARR) meetings.