SENIOR SYSTEM SECURITY ENGINEER
Company: Doyon Government Group
Location: Irvine
Posted on: September 12, 2024
Job Description:
Overview:
JOB SUMMARY: The Senior System Security Engineer is a senior
technical resource responsible for ensuring that delivery on
federal contracts meets all federal IT security standards, best
practices, policies, and processes in order to deliver federal IT
security compliant solutions. This work is a mix of strategy,
documentation, negotiations, technical leadership, and hands-on
cyber security work for federal Clients. They will be responsible
for the management of information in the federal cybersecurity and
risk management platforms, such as the Cyber Security Assessment &
Management (CSAM) and Xacta platforms, for all federal contracts
assigned. They will be involved in guiding a team to properly
document system security boundaries, understanding and assessing
security controls, and educating federal Clients on the proper
security controls for the solutions our team implements and
supports. The Information System Security Officer will interact
with all levels of Arctic IT Government Solutions employees, sister
companies, partners, and federal Client organizations in the
execution of the following essential functions. This is a
non-supervisory role.
Responsibilities:
ESSENTIAL FUNCTIONS:
Security Operations:
Evaluate needs and make recommendations on how to meet IT Security standards and best practices for security operations, including but not limited to tools, processes, policies, etc.
Implement federal IT security standard operational models and maintain them throughout the life of the federal contract
Work with federal Chief Information Security Officer (CISO) and their staff to evaluate and determine the best security controls to be applied to new systems of record and manage the Assessment & Authorization (A&A) process in order to achieve an Authority to Operate (ATO)
Manage the annual reassessment of federal solutions on contracts assigned; this includes tasks necessary to address existing and new Plan of Action Milestones (POAMs), updating any documentation for A&A, and any other tasks necessary to continue an ATO for assigned systems and solutions
Collaborate with information system owners, security officers, developers, and IT operations personnel to conduct system security categorizations in accordance with NIST SP 800-60 and FIPS 199 requirements (as amended)
Document security control selections and apply control tailoring guidance in accordance with NIST SP 800-53 and NIST SP 800-18 (as amended)
Develop initial system security plans and contingency plans aligned with organizational policies and NIST SP 800-18, NIST SP 800-34 (as amended) and security best practices
Monitor threats and take preventive measures as needed on federal contracts assigned
Identify, report, and control security incidents on federal contracts assigned
Train internal team on changes to federal security standards as necessary
Demonstrate subject matter expertise regarding SIEMs, security tools and usage, complex networking concepts, security protocols, operating systems, and system applications
Create a process to provide ongoing security checks throughout the Client lifecycle
Communicate known vulnerabilities and remediation/mitigation plans to the team
Stay up to date on key industry related security issues and trends, and relay to management and federal Clients as needed
Provide input, including writing content for federal solicitation responses
Qualifications:
QUALIFICATIONS:
Bachelor's degree in MIS, Computer Science, or related field highly preferred; may substitute equivalent technical consulting, system administration, or network administration experience in an enterprise environment
5+ years of experience working as a security professional for a federal agency, either as an employee or as a contractor with Risk Management Framework (RMF)
5+ years of experience in network and system design, access control and implementation
Job-related industry certification, such as CISSP, SANS GIAC, Security+, or Microsoft 365 obtained within 1 year of start
Deep knowledge of cloud technologies and securing cloud environments (such as Microsoft 365, Azure, etc.)
Experience in database security and data storage security
Knowledge of secure development methods
Understanding of scripting languages and technologies such as shell scripting, Perl, JavaScript, VBScript, and/or others
Ability to perform ethical hacking, penetration testing, vulnerability assessments and web application security testing using various tools and provide a summary of issues and best practice resolutions
Experience with (and strong understanding of) virtualization technologies and concepts
Applicants are subject to government security investigations and must meet eligibility requirements related to the clearance process.
Pass background checks as needed.
WORKING ENVIRONMENT: The majority of work for this role is performed in a home office and involves interaction with a wide variety of people with differing functions, personalities, and abilities. Telecommuters are expected to have sufficient home office space that appears neat, organized, and professional when on video meetings. Travel is required and varies around 25%.
REASONABLE ACCOMMODATION: It is Arctic Information Technology, Inc.'s business philosophy and practice to provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities.
PREFERENCE STATEMENT: Arctic Information Technology, Inc. grants preference to qualified Doyon Shareholders first, and second to qualified shareholders of other Alaska Native corporations that grant a similar preference in all phases of employment and training, which include, but are not limited to hiring, promotion, layoff, transfer, and training.
PAY TRANSPARENCY STATEMENT: Arctic Information Technology will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of the other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
Arctic Information Technology Inc. is a Federal Contractor and complies with the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA).
Arctic Information Technology, Inc. is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, disability, veteran status, and other protected characteristics. The EEO is the Law and the poster is available at . For questions on the job posting contact (253) 344-5300.
VEVRAA Federal Contractor
We request Priority Protected Veteran & Disabled Referrals for all of our locations within the state
The EEO is the Law poster is available .
Keywords: Doyon Government Group, Huntington Beach, SENIOR SYSTEM SECURITY ENGINEER, Other, Irvine, California