Gray Tier Technologies LLC

Expert Security Engineer

Gray Tier Technologies LLC, Springfield, Virginia, US, 22161


Skills & Tasks

- Bridge the gap between high-level security policies/requirements and technical/operational implementation of those requirements.
- Apply Risk Management Framework (RMF) security controls in accordance with regulatory policies.
- Serve as the security subject matter expert (SME) and manage the execution of systems security activities for multiple applications.

Job Duties

- Provide guidance to teams on the A&A process, to include related security documentation such as systems concept of operations, system security design, implementation plans, operational procedures, and maintenance training materials
- Provide support to development teams for mitigation and management of Plan of Action and Milestones (POA&Ms)
- Conduct assessments of existing IT architecture for compliance with security requirements in accordance with regulatory security frameworks (IAW NIST SP 800-53 Rev. 4)
- Provide engineering support and assistance to authorization/accreditation test and evaluation activities
- Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives
- Conduct and review security scans
- Track and mitigate customer system vulnerabilities
- Participate in IAVA testing and provide recommendations of baseline acceptance of system patches
- Ensure STIG compliance and mitigation
- Provide continuous monitoring support for information systems
- Assist with running vulnerability scans on various applications and provide recommendations for compliance

HERE'S WHAT YOU'LL NEED:

QUALIFICATIONS:

- Master's degree plus 4 years' experience, Bachelor's degree plus 6 years' experience, Associate's degree plus 12 years' experience, or a minimum of 15 years' experience, in a relevant field
- Extensive experience with Assessment and Authorization (A&A) requirements, specifically Authority to Operate (ATO) process and procedures within the Enterprise

DESIRED REQUIREMENTS

- XACTA experience
- Certified Information Systems Security Professional (CISSP), CompTIA Security+, or other IAT II Certification
- Extensive experience with Security Framework regulations, to include: NIST 800-53; ICD 503, Rev4; CNSS 1253
- Extensive experience with Plan of Action and Milestones (POA&Ms) and knowledge of appropriate corrective action for unacceptable risks
- Experience with a variety of systems (e.g. desktop, cloud, etc.)
- Knowledge of Enterprise Security Best Practices (IAW NIST 800-53; ICD 503, Rev4; CNSS 1253)