Specific Skill Requirements:
Position requires current SSBI/SCI with Full-Scope Polygraph or equivalent. Expert knowledge of Nessus, AppDetective, WebInspect, SecSCN, and WASSP is required. Knowledge of Ruby on Rails is desired. Demonstrable ability to build test environments to include configuring and installing appropriate security software.
Specific Job Duties and Responsibilities:
- Assist with generation of System Security Plans (SSP) per DCID 6/3, and conduct periodic review, verification, and update to ensure compliance, for both legacy and new information systems.
- Assist with the maintenance of security-related documentation (e.g., SSP, Interim Authority to Test, Production Data Waivers, and Authority to Operate).
- Participate in Development, Operations, and Maintenance (DOM) information system risk assessments, audits, and reviews.
- Ensure systems are operated, maintained, and disposed of in accordance with internal DOM and customer security policies and practices outlined in the SSP. Ensure that system security requirements are addressed during all phases of any DOM legacy system life cycle. Authorize software, hardware, and firmware use per security policy and procedure. Report all security-related incidents to program management/IASM.
- Conduct system self-scans as appropriate to support initial, update, and reaccreditation efforts. Generate certification self-scan mitigation reports as needed for the customer and internal projects, as requested.
- Serve as a member of configuration management board, as directed. Formally notify the program management/IASM when changes occur that might affect system accreditation. Formally notify program management/IASM when a system no longer processes intelligence information.
- Create automated test scripts and test existing applications for compliance with upgrades.
General Responsibilities:
Evaluates, communicates, and mitigates computing and information security risks. Ensures that appropriate processes are in place and followed so that systems are compliant with applicable requirements. Participates in or leads compliance audits and assessments. Provides consultation on security issues. Analyzes security events and records to determine if security incidents have occurred. Develops policies, provides oversight for protection of computing security systems, and provides oversight for emerging issues. Uses advanced investigative knowledge to assist in investigations. Participates in and/or leads incident response teams. Participates in and/or leads the development of information security training materials and processes. Provides compliance and audit support per applicable regulations. Conducts required InfoSec testing and scanning. Resolves or mitigates the appropriate risks and creates reports documenting all testing and results. Conducts comprehensive risk assessments. Able to work with a number of security tools to help with testing and auditing. Works under minimal direction.
Competencies
General
Collaboration
Consistently works effectively and cooperatively with team members and fellow project team leaders, other employees and external customers. Establishes and maintains good working relationships by actively involving less experienced employees and/or other project team leaders and external customers and helping them feel valued, appreciated, and included in discussions. Places higher priority on team and organization goals than on own goals. Offers to provide assistance and/or project team leadership to other teams and/or employees when doing so would benefit the organization.
Communication
Consistently clarifies purpose and importance; stresses major points; follows a logical sequence. Consistently keeps the audience thoroughly engaged through use of techniques such as analogies, illustrations, humor, an appealing style, body language, and voice inflection. Consistently frames even complex messages in line with audience experience, background, and expectations; uses terms, examples, and analogies that are meaningful to the audience. Consistently seeks input from audience; checks understanding; presents message in different ways to enhance understanding. Uses syntax, pace, volume, diction, and mechanics appropriate to the media being used; attends to both direct and indirect messages from others; correctly interprets messages and responds appropriately. Advises fellow project leads and other internal employees in effective communication techniques.
Cross Functional Partnerships
Analyzes the organization, potential external partners, and own area to identify key relationships that should be initiated or improved to further the attainment of own area's goals. Exchanges information with project leads, internal employees, and external customers to clarify partnership benefits and potential problems; collaboratively determines the scope and expectations of the partnership so that both areas' needs can be met. Collaboratively determines courses of action to realize mutual goals; facilitates agreement on each partner's responsibilities and needed support. Places higher priority on organization's goals than on own area's goals; anticipates effects of own area's actions and decisions on partners; influences others throughout the organization and in partner organizations to support partnership objectives. Implements effective means for monitoring and evaluating the partnership process and the attainment of mutual goals.
Systems Thinking
Consistently evaluates job tasks and processes on how well they help meet team objective(s); identifies non-value-adding components and barriers. Formulates change strategies; frequently seeks input from other project leads and internal employees to evaluate options for change and encourage buy-in. Makes appropriate changes to job/role structures and processes by communicating effectively and focusing on new skill development. Uses extensive measurement systems to monitor the implementation.
Technical
Analytical Skills
Basic - Skill and ability to: collect, organize, synthesize, and analyze data; summarize findings; develop conclusions and recommendations from appropriate data sources with clients, customers and/or suppliers.
Preferred - Skill and ability to: collect, organize, synthesize, and analyze data; summarize findings; develop conclusions and recommendations from appropriate data sources at the business unit level.
Government Security Reg
Basic - Extensive and specialized knowledge of government security regulations (e.g., National Industrial Security Program Operating Manual [NISPOM], International Traffic in Arms Regulations [ITAR], Export Administration Regulations [EAR]).
Preferred - Advanced, expert knowledge of government security regulations (e.g., National Industrial Security Program Operating Manual [NISPOM], International Traffic in Arms Regulations [ITAR], Export Administration Regulations [EAR]).
Information Assurance
Basic - Extensive and specialized knowledge of principles, concepts, practices, processes, tools and methodologies to assure confidentiality, integrity and availability of information and information systems. Understands current industry standard common body of knowledge (CBK) and common criteria methodology (CCM).
Preferred - Advanced, expert knowledge of principles, concepts, practices, processes, tools and methodologies to assure confidentiality, integrity and availability of information and information systems. Understands current industry standard common body of knowledge (CBK) and common criteria methodology (CCM).
Information Protection
Basic - Extensive knowledge of the security of architecture, electronic data communications, network/data, electronic commerce, and other related areas to provide computing security and integration services to company computer users and customers. Interfaces with the appropriate government agencies, customers, suppliers, and company personnel in order to facilitate implementation of protective mechanisms and to ensure understanding of and compliance with computing security requirements.
Preferred - Advanced, expert knowledge of the security of architecture, electronic data communications, network/data, electronic commerce, and other related areas to provide computing security and integration services to company computer users and customers. Interfaces with the appropriate government agencies, customers, suppliers, and company personnel in order to facilitate implementation of protective mechanisms and to ensure understanding of and compliance with computing security requirements.
Information Technology Fluency
Basic - Extensive and specialized ability in the use of personal and network computing hardware and software to maintain and direct project information, such as, statements of work, resource identification and usage, task status, cost estimating and tracking, etc. Extensive and specialized knowledge of processes and tools to maintain, archive, and retrieve digital files. Extensive and specialized ability in constructing/building and providing reports and presentation material as needed for assigned projects. Extensive and specialized knowledge of identifying and gaining approval of testing of established applications to meet project requirements.
Preferred - Advanced/expert level of understanding and proficiency in the use of networking computing hardware and software applications. Advanced/expert knowledge of processes and tools to maintain, archive, and retrieve digital files. Advanced/expert ability in providing project information, such as, statements of work, resource identification and usage, task status, cost estimating and tracking, etc. Advanced/expert ability around constructing/building and providing reports and presentation material as needed for assigned projects. Advanced/expert knowledge of identifying and gaining approval of testing of established applications to meet project requirements.
Investigative Methods
Basic - Extensive and specialized knowledge of investigative techniques (e.g., pathology, witness statements, photography, site layout, observation).
Preferred - Advanced/expert knowledge of investigative techniques (e.g., pathology, witness statements, photography, site layout, observation).
Typical Education/Experience
Level 4 - Technical bachelor's degree and typically 9 or more years' related work experience or a Master's degree with typically 7 or more years' or a PhD degree with typically 4 or more years' related work experience or an equivalent combination of education and experience. A technical degree is defined as any four-year degree, or greater, in a mathematic, scientific or information technology field of study.
Level 5 - Technical bachelor's degree and typically 14 or more years' related work experience or a Master's degree with typically 12 or more years' or a PhD degree with typically 9 or more years' related work experience or an equivalent combination of education and experience. A technical degree is defined as any four-year degree, or greater, in a mathematic, scientific or information technology field of study.
Other Job related information
Position requires current SSBI/SCI with Full-Scope Polygraph or equivalent. Applicants MUST include their Security Clearance Level, Investigation Type and Investigation Date clearly on their resume.
*** Please note that depending on the specific position, you may be required to pass additional medical tests, credit checks, and/or other requirements. These additional items are required for the Company to comply with various laws and regulatory rules.***
Every job requisition has specific and unique requirements listed under 'Description', 'Competencies', and 'Education'. Applicants will increase their opportunities for consideration by demonstrating compatibility with these requirements in their resumes.
The job specifications - including competencies (knowledge, skills, abilities, and other characteristics), job-relevant work experience, education, and other requirements described in this requisition - will be the basis for applicant screening, including resume reviews, structured interviews and any other assessments used to support the hiring decision. All candidates considered for this position may be required to participate in a structured interview. The structured interview is a standardized method of evaluating candidates' job-related competencies to support an objective selection and promotion process.