VERSAR, INC.
Senior Security Engineer (Compliance)
VERSAR, INC., Washington, District of Columbia, us, 20022
Position SummaryVersar, Inc., is seeking a Senior Security Engineer (Compliance) to support the Department of Homeland Security's Enterprise Engineering Division (EED) within the Office of the Chief Information Officer (OCIO). This candidate will be a member of a high functioning team supporting cybersecurity countermeasures to strengthen DHS enterprise and HQ networks, overseeing and providing strategic and tactical direction with security compliance. This candidate will work directly with a team of network and security engineers, data center specialists, ISSOs, industry vendors, and DHS stakeholder groups that include 20+ DHS Components.This effort is responsible for providing support for the following Homeland Security Enterprise Network (HSEN) services along with Security Engineering Compliance:Design and development of cybersecurity technology along with integration of new architectural features into existing infrastructures while maintaining the integrity and security of enterprise-wide cyber systems and networks.Responsibility for DHS Security ATO and RMF compliance support ensuring systems are documented, security control implementation/documentation, self-inspection (STIG/vulnerability/compliance) auditing, and issue remediation.Strong working relationship with ISSOs and technical teams to ensure NIST Compliance and RMF ATO Security Authorization.Additional Duties / ResponsibilitiesProvide DHS Security Authorization SupportAssist and support the SOC Security Authorization Process following National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 including, but not limited to, the following elements:
Security PlanSecurity Risk AssessmentSecurity Controls AssessmentContinuity of Operations Plan (COOP)Development of POA&Ms
Provide assistance and support to the SOC System ISSO, to document and maintain the SOC Security Authorization documentation in the Information Assurance Compliance System (IACS), conduct NIST SP 800-53A assessments, and track NOSC Cyber (SOC) POA&Ms.Develop and document a comprehensive COOP which ensures that the Contractor maintains appropriate NOSC Cyber infrastructure backups, and documents priorities and procedures for re-instantiating critical functions in the event of a failure.Test the DHS NOSC Cyber COOP capabilities in conjunction with internal test procedures and the DHS Information Technology Disaster Recovery Plan.Provide support to Government management by establishing POA&Ms and processes for tracking the correction of internal self-assessment and external audit findings relating to security authorization of NOSC operations and activities.Minimum Qualifications / RequirementsAt least six (6) years of professional experience in an IT Services environment, providing technical support with emphasis on security compliance for federal networks.Prior experience with NIST FIPS Standards, Contingency Plans, Network Infrastructures, Security Impact Analysis, Privacy Impact security Assessments & Analyses, Standard Operating Procedures.U.S. Federal government consulting experience preferred.Must be resourceful in learning a very complex and dynamically changing network.Must be able to work independently in a fast-paced, dynamic environment.Past experience within the Department of Homeland Security or other government agency is preferred.U.S. citizenship required and eligibility for a DHS EoD is required to be considered for this position.EducationBS degree in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or equivalent experience.Certifications DesiredSecurity Certifications: CISSP, CCSP, CISM, GSLC, CISA, CASP, or equivalent.Software/Hardware DesiredIBM AppScan, HP WebInspect, Nexpose, Splunk, Nessus, HP Fortify, McAfee SECURE, McAfee Virus Scan, Enterprise, ArcSight Sourcefire, Nagios, Saint, Solarwinds, Remedy, Primavera, Xacta, CSAM.
#J-18808-Ljbffr
Security PlanSecurity Risk AssessmentSecurity Controls AssessmentContinuity of Operations Plan (COOP)Development of POA&Ms
Provide assistance and support to the SOC System ISSO, to document and maintain the SOC Security Authorization documentation in the Information Assurance Compliance System (IACS), conduct NIST SP 800-53A assessments, and track NOSC Cyber (SOC) POA&Ms.Develop and document a comprehensive COOP which ensures that the Contractor maintains appropriate NOSC Cyber infrastructure backups, and documents priorities and procedures for re-instantiating critical functions in the event of a failure.Test the DHS NOSC Cyber COOP capabilities in conjunction with internal test procedures and the DHS Information Technology Disaster Recovery Plan.Provide support to Government management by establishing POA&Ms and processes for tracking the correction of internal self-assessment and external audit findings relating to security authorization of NOSC operations and activities.Minimum Qualifications / RequirementsAt least six (6) years of professional experience in an IT Services environment, providing technical support with emphasis on security compliance for federal networks.Prior experience with NIST FIPS Standards, Contingency Plans, Network Infrastructures, Security Impact Analysis, Privacy Impact security Assessments & Analyses, Standard Operating Procedures.U.S. Federal government consulting experience preferred.Must be resourceful in learning a very complex and dynamically changing network.Must be able to work independently in a fast-paced, dynamic environment.Past experience within the Department of Homeland Security or other government agency is preferred.U.S. citizenship required and eligibility for a DHS EoD is required to be considered for this position.EducationBS degree in Information Systems, Computer Engineering, Computer Science, or Cyber Security, or equivalent experience.Certifications DesiredSecurity Certifications: CISSP, CCSP, CISM, GSLC, CISA, CASP, or equivalent.Software/Hardware DesiredIBM AppScan, HP WebInspect, Nexpose, Splunk, Nessus, HP Fortify, McAfee SECURE, McAfee Virus Scan, Enterprise, ArcSight Sourcefire, Nagios, Saint, Solarwinds, Remedy, Primavera, Xacta, CSAM.
#J-18808-Ljbffr