Information Systems Security Engineer

Company: Donatech
Location: Arlington
Posted on: March 16, 2023

Job Description:

Position would require the candidate to be a W2 employee of Donatech.

US Citizenship Required. -

Active Secret Clearance Required. -



Seeking an experienced cybersecurity professional to provide technical expertise for the design, development, integration, testing, and fielding of Department of Defense (DoD) compliant Information Systems and solutions used in military training systems.



Major functions:

ESSENTIAL DUTIES AND RESPONSIBILITIES

Ensure that SSE processes are aligned to, and adequately documented in the ISs Systems Engineering Plan, Program Protection Plan, and assist as needed in other technical documentation for security engineering inputs and review (e.g. ISP, CSP).

Support systems engineering technical reviews (SETR) by ensuring that entry and exit criteria include cybersecurity and are satisfied, and that design documentation meets the specified cybersecurity requirements.

Ensure that security requirements and technical security controls are properly allocated and documented in design specifications, technical publications, and manuals, etc.

Ensure security requirements and technical security controls are properly allocated and implemented in logistics, configuration management, or program planning documents incorporating cybersecurity considerations throughout the lifecycle of the system.

Ensure that security requirements and technical security controls have been communicated and are reflected in the ISs requirements database.

Designs, develops, and implements security measures that support software assurance and software security to ensure proper security design of applications and remediation of security defects in the ISs code base.

Perform threat modelling, design threat models, and participate in anti-tamper design of systems IAW Anti-Tamper Executive Agent (ATEA) guidance.

Support assessment and authorization (A&A) of IS (or IS contained in security authorization boundaries) ensuring cybersecurity is included in the design architecture and SDLC.

o Perform information type and system categorization security impact that provide confidentiality, integrity, and availability (CIA), security control overlay selection, and technical security control tailoring

o Design technical security architecture implementations, security integrations, system hardening guidance, threat countermeasures, and provide mitigation support for un-remediated system vulnerabilities to lower risk impact to systems

o Provide security engineering support of cybersecurity test plans/procedures to ensure security requirements are verified and validated as designed.

o Develop Risk Assessment Reports (RAR), Security Assessment Plans (SAP), Security Assessment Reports (SAR), Security Control Traceability Matrices (SCTM), and Security Impact Analyses (SIA).

o Assist in technical inputs for development of System Security Plans (SSP) and other applicable documentation pertaining to Information System (IS) authorizations and system security design.

o Assist and define technical measures that ensure proper disposal of IS.

Communicate with other engineering and architecting disciplines, customers, and authorization officials to convey cybersecurity aspects, design, implementation, and mitigations.

Provide governance and technical advice on selection of cybersecurity products and cybersecurity-enabled products acquired and used in the IS.

Support future business initiatives in working proposal efforts.



Education/Experience/Licenses etc.:

QUALIFICATIONS AND EDUCATION REQUIREMENTS

Bachelor's degree in a technical field, such as Cybersecurity, Electrical Engineering, Systems Engineering, or Computer Science

Possess an active security clearance

Possess an active IASAE level II or III certification in accordance with DoDD 8140.01, Cybersecurity Workforce Management and DoD 8570.01-M, Information Assurance Workforce Improvement Certification

10+ years of relevant, demonstrable experience in fields of cybersecurity, anti-tamper, or engineering computer technology

Knowledge in the following areas:

o Knowledge of computer networking concepts and protocols and network security methodologies.

o Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

o Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

o Knowledge of integrating the organizations goals and objectives into the architecture.

o Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

o Knowledge of cybersecurity principles.

o Knowledge of cyber threats and vulnerabilities.

o Knowledge of cybersecurity-enabled software products.

o Knowledge of specific operational impacts of cybersecurity lapses.

Skills in the following areas:

o Skill in applying cybersecurity methods, such as firewalls, demilitarized zones, and encryption.

o Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

o Skill in translating operational requirements into protection needs (i.e., security controls).

Abilities in the following areas:

o Ability to design architectures and frameworks.

o Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

o Ability to apply an organizations goals and objectives to develop and maintain architecture.



PREFERRED SKILLS AND EXPERIENCE

JSIG compliance and implementation experience

Proficiency in anti-tamper techniques for verification and protection of Critical Program Information (CPI) per DoDI 5200.39

Systems Administrator, Software Engineering, and/or Network Engineering Experience

Significant knowledge of Security Technical Implementation Guides (STIGs)

Masters Degree in a technical field

Design and Architect experience of cybersecurity solutions

Multiple DoD 8570.01-M certifications

Prior experience utilizing systems engineering principles for requirements on a technical effort

Previous experience developing and accessing various artifacts such as SOWs, requirements, and test documents

Experience with DOORS requirements management software

Experience in eMASS and Xacta RMF flow software

Experience in cybersecurity activities associated with aircraft and aircraft simulators/training devices

Ability to travel up to 15%

Keywords: Donatech, Arlington , Information Systems Security Engineer, Other , Arlington, Texas