ISSO / Assessment & Authorization Engineer
Cyber Security/Information Assurance A&A Engineer responsible for security processes and implementation supporting a large customer on a new multi-year contract. Multiple positions are available. This is a rare career-making and learning opportunity for the right person-a make-a-difference role with a large impact on National Security. TS/SCI clearance with current SSBI is mandatory.
This position is a challenging role in a multi-contractor team supporting a fast moving program for multiple customers and/or projects. In this role, you will execute tasks and support for the development teams on various services projects. This task requires expertise in Information Assurance and specifically A&A--you need to be the go-to person. Establishing a track record of reliability and trust with team members and security stakeholders is crucial. As part of the LP3 team, occasional consulting on other projects as well as RFI and proposal support are also required.
The A&A Engineer/Information Systems Security Officer (ISSO) shall perform, review, and conduct technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations, and recommend mitigation strategies to the team.
• Validates and verifies system security requirements definitions and analysis and establishes system security designs for controls.
• Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing, virtualization, cloud, and enclave environments to include those with multiple enclaves and with differing data protection/classification requirements.
• Builds IA into systems and services deploying into operational environments at multiple classification levels
• Assists architects and services developers in the identification and implementation of appropriate information security controls and potential security functionality to ensure uniform application of security policy and enterprise solutions.
• Enforces the design and implementation of trusted interfaces among external systems and architectures.
• Assesses and mitigates system security threats/risks throughout the program life cycle.
• Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations.
• Creates and reviews A&A documentation, providing feedback on completeness and compliance of its content. Develops and executes Security Test Plan (STP) in close cooperation with team members.
Key success attributes:
- Expert knowledge and experience in A&A with DCID 6/3/ICD-503
- Strong knowledge and experience with NIST 800-53 and associated security controls implementation and verification
- Strong network and host security background in Windows
- Hyper-V, SCCM, WSUS, and patching experience
- Outstanding communication skills including verbal and written; Word, PowerPoint, Excel, Visio, Project, and other tools to communicate with peers and customers at all technical levels
- Scanning systems and assisting the team in remediating vulnerabilities
- Ability to communicate effectively with senior management in government and contractor teams
- Experience ensuring systems comply with key government security requirements and demonstrate that through verification testing with government security stakeholders
The ideal person for this role is flexible, experienced, technically capable, self-motivated, and can effectively influence others to deliver the right solution for the customer. Creativity, personal backbone, and IT security experience are required. Assessment & Authorization (A&A) experience is required to be successful in this position. A mix of professional relationship skills and technical skills are required in this role. It will be an interesting mix of tasks from day-to-day.
Occasional, 2-7 day trips to other CONUS/OCONUS customer facilities may be required 2-3 times per year.
- SCI clearance with current SSBI
- Knowledge of NIST 800-53, DIACAP, or DODIIS security requirements
- Bachelor's degree (or equivalent experience depending on position)
- 3+ years minimum experience in Information Assurance positions
- Experience with system hardening
- Experience working in a team environment on similar tasks
- IT security training in various disciplines
- DoD 8570 certification (Security+)
Strongly desired qualifications/skills:
- Strong Windows administration and hardening experience
- Experience with ICD-503 A&A processes
- Experience working on and supporting classified networks
- Familiarity with cloud and virtual hosting environments
- Security architecture, engineering, and A&A experience
- Experience with System Security Plans, Security Compliance Traceability Matrix, Security Test Plans, Plan of Action & Milestones
- Experience with ACAS and other scanning tools
- Bachelor's or Master's degree in IA/Cyber Security/Computer Science
- Advanced IT certifications-- technical certifications such as CISSP, RHCE, CCIE, SANS, etc.
This position is offered by LP3. LP3 is an innovative small company delivering Information Assurance consulting expertise to DoD and IC customers. LP3 is an Equal Opportunity Employer. We hire VETS!
LP3 is an innovative small company delivering Information Assurance consulting expertise to DoD and IC customers. LP3 is a proven leader in cyber security services nationwide, providing our customers with solutions tailored to meet rapidly evolving IT and cyber security needs. Our depth of knowledge and experience gained protecting our Nation's IT infrastructure over the past decade allows us to offer the highest caliber of IT and security services to our corporate clients. At LP3, we consider our people our most valuable asset. We are committed to providing an environment that fosters growth, respect, and integrity. As an employee of LP3, you will be empowered to contribute and make a difference on day one.
Fri, 18 Aug 2017 14:41:02 PDT