CALIBRE Systems Inc., an employee-owned Management Consulting and Digital Transformation company, seeks an Information Systems Security Engineer (ISSE) to perform and/or review the technical security assessments of computing environments. The assessments will be used to identify points of vulnerability and non-compliance with established Information Assurance (IA) standards and regulations, and to recommend mitigation strategies. The ISSE will validate and verify system security requirements definitions and analyses and establish system security designs. They will design, develop, implement, and/or integrate IA and security systems and system components. These will include those for networking, computing, and enclave environments, those with multiple enclaves, and those with differing data protection/classification requirements. The ISSE will build IA into systems deployed to operational environments. They will assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions. They will support the building of security architectures and enforce the design and implementation of trusted relations among external systems and architectures. The ISSE will assess and mitigate system security threats/risks throughout the program life cycle, and contribute to the security planning, assessment, risk analysis, risk management, certification, and awareness activities for system and networking operations. They will review assessment and accreditation (A&A) documentation and provide feedback on completeness and compliance of its content.
The ISSE will apply system security engineering expertise in one or more of the following:
- System security design process
- Engineering life cycle
- Information domain
- Cross-domain solutions
- Commercial off-the-shelf and government off-the-shelf cryptography
- Identification, authentication, and authorization
- System integration
- Risk management
- Intrusion detection
- Contingency planning
- Incident handling
- Configuration control
- Change management
- Auditing
- Certification and accreditation process
- Principles of IA (confidentiality, integrity, non-repudiation, availability, and access control)
- Security testing
The ISSE will support security authorization activities in compliance with the DoD Risk Management Framework (RMF) and the National Institute of Standards and Technology (NIST) Risk Management process. This position will work hand-in-hand with the customer team as well as external teammates across all program security functions. The successful candidate will be responsible for implementing and/or managing the following:
- Develop and enforce a formal IA/Cs security and training program.
- Enforce IAVM dissemination, reporting, compliance, and verification procedures as described in CJCSM 6510.01 and related guidance.
- Report security violations and incidents to the servicing RCERT in accordance with prescribed Incident and Intrusion Reporting procedures.
- Conduct security inspections, assessments, tests, and reviews.
- Manage IASOs/ISSOs, as required, to establish the scope of responsibilities and the technical and security training requirements.
- Conduct FISMA annual reviews of all ISs and networks to ensure no security changes have been made to invalidate the A&A.
- Negotiate A&A issues with the AO, or designated representative, for incoming systems and make recommendations to the host data facility on additional protection mechanisms necessary prior to operation of the incoming ISs.
- Maintain training and certification records for IA/Cs personnel and user IA/Cs awareness training records.
- Ensure the use of approved procedures for clearing, purging, reusing, and releasing system memory, media, output, and devices.
- Review all IA/Cs A&A support documentation packages and system fielding, operations, or upgrade requirements to ensure accuracy and completeness, and that they meet minimal risk acceptance standards.
- Maintain a repository for all systems A&A documentation and modifications, version control, and management of GOTS, COTS, and non-developmental items (NDIs) for organization or site. Identify data ownership (including accountability, access, and special handling requirements) for each IS or network within their authority.
- Verify that all ISs within the scope of responsibility are properly assessed and authorized in accordance with the RMF and CM policies and practices before operating or authorizing the use of hardware and software on an IS or network.
- Serve as a member of an applicable CCB.
- Ensure that IA/Cs personnel are maintaining and auditing access and log data.
- Assist the Program ISSM (P-ISSM) as required to identify and validate IA/Cs resource requirements.
- Provide input to the P-ISSM for management controls.
- Achieve and maintain DoD 8570.01-M, IAM Level III, or Federal equivalent certification as required.
Required Skills
- ACTIVE DOD SECRET SECURITY CLEARANCE.
- Experience providing technical expertise on computer network design, implementation, and accreditation.
- Experience providing oversight and coordination for multiple contractors supporting program objectives.
- Expertise in certification and accreditation.
- Expertise in NIST 800-53 policies and implementations.
- Direct ISSO and/or ISSE experience working with accreditations.
- Experience interacting with program ISSM staff.
- Above average oral and written communication skills.
- Leadership in the Information Assurance Security Officer (IASO) V/Information System Security Manager (ISSM) role.
Required Experience
- DoD 8570.01-M, IAM Level III, or Federal equivalent certification.
- Bachelor’s degree or 10 to 15 years of equivalent professional experience in lieu of degree.
- CISSP certification.