Cyber Security Assessment Engineer

Company:

SAIC



Details of the offer

Description

SAIC is seeking a qualified CRA Engineer to support the MDA Security Control Assessors (SCA) as the Independent Verification and Validation (IV&V) team by performing complete and thorough risk assessments for the MDA. Daily responsibilities include performing risk assessments on packages submitted by the Information System Security Manager (ISSM) in Enterprise Mission Assurance Support Service (eMASS).

These submissions include System Security Plans (SSP), Interim Authorization To Test (IATTs), Authorization to Operate (ATO), and Authorization to Connect (ATC).
The CRA Engineer evaluates data from many sources to develop a holistic assessment that enables the Authorizing Official (AO) to make an informed authorization decision. This process takes vulnerabilities associated with noncompliant RMF controls and evaluates their risk to the mission and the agency to arrive at a residual risk.
The CRA Engineer position is responsible for executing and documenting risk assessments, including interacting directly with the SCAs and the ISSMs and their Cybersecurity support staff, and supporting the AO signing.
Conducts risk and vulnerability assessment at the network, system and application level. Validates security control implementation and assesses operational risk mitigations along with assisting in security awareness programs. Involved in a wide range of security issues including architectures, firewalls, electronic data traffic, and network access.
Researches, evaluates and recommends new security tools, techniques, and technologies and introduces them to the enterprise in alignment with IT security strategy. Assists in the awareness and education of the required government policy (i.e., DoDI 8500 series and NIST 800 series), and makes recommendations on process tailoring.
Performs analyses to validate established security requirements and to recommend additional security requirements and safeguards. Supports the formal Security Test and Evaluation (ST&E) required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports. Periodically conducts a review of each system's audits and monitors corrective actions until all actions are closed. May support cyber metrics development, maintenance and reporting. May provide briefings to senior staff.
Work is performed without appreciable direction. Exercises considerable latitude in determining technical objectives of assignment. Completed work is reviewed from a relatively long-term perspective for desired results. Exercises judgment in selecting methods, techniques and evaluation criteria for obtaining results.
Interacts regularly with internal personnel (government and contractor staff) on significant technical matters often requiring coordination between organizations.
Qualifications

Bachelor's degree (or higher) preferred.
Must meet DoDM 8570.01-M, IASAE Level II requirements.
14 years of IT experience, with at least 5 years of advanced cybersecurity experience
Current CASP+CE, CISSP (or Associate), or CSSLP certification(s).
Active Secret Clearance
Desired Qualifications:
Successful candidate will understand the Risk Management Framework (RMF) and the NIST 800-53 RMF Security Control Catalog.
Candidate should have experience assessing compliance and performing risk assessments.
Strong technical writing skills are required for producing Risk Assessment Reports and writing assessments that will be presented to the SCA and the AO for decision.


Source: Dice

