HRUCKUS
Information System Security Engineer III
Veteran-Owned Firm Seeking an Information Systems Security Engineer III for an Onsite Assignment at Hanscom Air Force Base (AFB) in Bedford, MA.
Base pay range $170,000.00/yr - $190,000.00/yr
Job Title:
Information Systems Security Engineer (ISSE) III
Location:
Hanscom AFB, MA
Clearance Requirement:
Top-Secret Clearance
Assignment Type:
Full-time, Onsite
Salary Range:
$170,000 - $190,000 per year
Responsibilities
Support the system/application authorization and accreditation (A&A) effort for weapon systems and PIT Systems, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing DoD and Air Force policies (i.e., Risk Management Framework (RMF).
Understanding of how RMF intersects with the acquisition process and how it’s used to generate requirements; how RMF and Cybersecurity should be covered in contracts – requirements, deliverables, PWS/SOW language.
Understanding how to work through RMF and controls with a program to establish appropriate levels of risk based on program lifecycle and mission requirements.
Recommend policies and procedures to ensure the reliability of and accessibility to information systems and to prevent and defend against unauthorized access to systems, networks, and data.
Develop, execute, and track the performance of security measures to protect information and network infrastructure and computer systems.
Review and assess architectures and recommend cybersecurity strategies to developmental and legacy system designs.
Assess threats to determine impact and recommend corrective actions to program managers to reduce risk.
Translate program/system requirements into technical requirements and architectures needed to meet program objectives.
Life cycle development Promote awareness of security issues among management and ensuring sound security principles are reflected in program’s visions and goals. Participate in systems design.
Understanding of DevSecOps environments to check for security flaws and vulnerabilities during code review.
Understanding of operating systems including Linux, Ubuntu, IoT systems, ZTA environments and Cloud development.
Identify, define, and document system security requirements and recommend solutions to management.
Plan, develop, implement, and update Cyber Security Strategy Information within the Program Protection Plan (PPP) and assess CPI (Critical Program Information) and CC (Critical Components) analysis.
Recommend and review Tempest requirements, systems security contingency plans and disaster recovery procedures.
Experience with compliance and vulnerability and software scanning tools (STIGs, Nessus, ACAS, SCC/ SCAP, etc.) to include the review and creation of mitigation reports.
Review the Vendor submitted Contract Data Requirement List (CDRL) items for Cybersecurity related areas, to ensure technical requirements have been met, and provided substantial comments and recommendations to the Program Management (PM) team as to adequacy of the CDRL.
Other duties as assigned.
Required Qualifications
One of the following education/experience combinations:
BA/BS Degree, and 15 years of Cyber-Security experience and 5 years DoD experience OR
MA/MS Degree and 12-year experience, 5 years in DoD OR
20 years of directly related experience with proper certifications of which 8 years are in DoD.
DoD 8570.01 MMGT512 compliant certification.
Experience with the Risk Management Framework (RMF).
If you’re interested, I’ll gladly provide more details about the role and discuss your qualifications further.
My name is Stephen Hrutka. I lead a Veteran‑Owned management consulting firm in Washington, DC, specializing in Technical and Cleared Recruiting for the Department of Defense, the Intelligence Community, and other advanced defense agencies.
Thanks,
#J-18808-Ljbffr
Base pay range $170,000.00/yr - $190,000.00/yr
Job Title:
Information Systems Security Engineer (ISSE) III
Location:
Hanscom AFB, MA
Clearance Requirement:
Top-Secret Clearance
Assignment Type:
Full-time, Onsite
Salary Range:
$170,000 - $190,000 per year
Responsibilities
Support the system/application authorization and accreditation (A&A) effort for weapon systems and PIT Systems, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing DoD and Air Force policies (i.e., Risk Management Framework (RMF).
Understanding of how RMF intersects with the acquisition process and how it’s used to generate requirements; how RMF and Cybersecurity should be covered in contracts – requirements, deliverables, PWS/SOW language.
Understanding how to work through RMF and controls with a program to establish appropriate levels of risk based on program lifecycle and mission requirements.
Recommend policies and procedures to ensure the reliability of and accessibility to information systems and to prevent and defend against unauthorized access to systems, networks, and data.
Develop, execute, and track the performance of security measures to protect information and network infrastructure and computer systems.
Review and assess architectures and recommend cybersecurity strategies to developmental and legacy system designs.
Assess threats to determine impact and recommend corrective actions to program managers to reduce risk.
Translate program/system requirements into technical requirements and architectures needed to meet program objectives.
Life cycle development Promote awareness of security issues among management and ensuring sound security principles are reflected in program’s visions and goals. Participate in systems design.
Understanding of DevSecOps environments to check for security flaws and vulnerabilities during code review.
Understanding of operating systems including Linux, Ubuntu, IoT systems, ZTA environments and Cloud development.
Identify, define, and document system security requirements and recommend solutions to management.
Plan, develop, implement, and update Cyber Security Strategy Information within the Program Protection Plan (PPP) and assess CPI (Critical Program Information) and CC (Critical Components) analysis.
Recommend and review Tempest requirements, systems security contingency plans and disaster recovery procedures.
Experience with compliance and vulnerability and software scanning tools (STIGs, Nessus, ACAS, SCC/ SCAP, etc.) to include the review and creation of mitigation reports.
Review the Vendor submitted Contract Data Requirement List (CDRL) items for Cybersecurity related areas, to ensure technical requirements have been met, and provided substantial comments and recommendations to the Program Management (PM) team as to adequacy of the CDRL.
Other duties as assigned.
Required Qualifications
One of the following education/experience combinations:
BA/BS Degree, and 15 years of Cyber-Security experience and 5 years DoD experience OR
MA/MS Degree and 12-year experience, 5 years in DoD OR
20 years of directly related experience with proper certifications of which 8 years are in DoD.
DoD 8570.01 MMGT512 compliant certification.
Experience with the Risk Management Framework (RMF).
If you’re interested, I’ll gladly provide more details about the role and discuss your qualifications further.
My name is Stephen Hrutka. I lead a Veteran‑Owned management consulting firm in Washington, DC, specializing in Technical and Cleared Recruiting for the Department of Defense, the Intelligence Community, and other advanced defense agencies.
Thanks,
#J-18808-Ljbffr