ISHPI Information Technologies IA Support (ISSE) in North Charleston, South Carolina
Naval Information Warfare Center (NIWC) S2IPT supports DoD and Navy information technology to design, develop, engineer, and maintain systems that will improve customer organizational efficiency. Support areas include: Software Development, Administrative Services, Applications Integration Management, Corporate Strategy Planning and Execution, Information Assurance and Cyber Security, Information Resource Management, Information Technology (IT) Operations. This tasking includes: new standards engineering, prototype installation, application development, data interoperability, system design, system management and maintenance, data collection, analysis, and other management and implementation efforts to support of data translation, data mediation, and data mapping.
A Software Services IPT Information Systems Security Engineer is an integral member of a scrum team (or likely multiple teams) challenged to provide security engineering and Assessment and Authorization (A&A) support for the implementation and fielding of S2IPT software-based capabilities and services.
Work with IPT and system stakeholders within the Agile development process to ensure that Information Assurance requirements are considered and addressed from concept through disposal of the software development lifecycle, i.e. built-in rather than bolted-on. Key tasks include:
Execution of the DOD 6 step RMF and/or DIACAP SA&A processes IAW DoDI 8510.01 to ensure ATO achievement and sustainment throughout the entirety of system and software lifecycle.
Analysis of proposed system and software features and capabilities to assist in the identification of resultant security impacts and DOD RMF documentation and vetting requirements as prescribed by DoDI 8510.01 and DoDI 5000.2
Documentation of employed and proposed system and software security requirements, features and enhancements as required by the determined “Use case”
Creation and enhancement of system development and Information Assurance processes and methodologies in support of “bridging the gap” between the system development and IA teams
Work closely with software developers and other IA team members to ensure the software delivered by the IPT is safe, secure, and compliant with applicable DOD hardening guidelines and security control requirements; DOD STIGs, CNSSI 1253, NIST SP 800-53, etc
Verify software and system registration status within the required DOD repositories. This includes DADMS registration and FAM approval for all for all integrated, installed, or operational applications and DITPR-DON registration for all systems
Plan, perform, coordinate, and/or review technical security assessments and ST&E events of computing baselines and architectures to identify weaknesses and areas of non-compliance with established DOD and Federal Cybersecurity standards and policies.
Work with system stakeholders and development teams in the creation, implementation and management of weakness mitigation and remediation strategies and their related POA&Ms
Recurring reviews and updates of the Vulnerability Remediation Asset Manager (VRAM) web portal
Working knowledge of the DOD implementation of the NIST Risk Management Framework (RMF) and DIACAP methodologies and processes
Familiarity with the Navy’s High Risk Escalation Process
Experience in the Security Assessment Process to include performance of SME interviews and evaluation of provided artifacts in regard to mandated security control requirements.
Experience in the analysis of IAVA bulletins and Cyber Security TASKORDs and providing leadership details on any required actions and related timelines
Working knowledge of the Enterprise Mission Assurance Support Service (eMASS) tool
Requires U.S. Citizenship and ability to obtain a SECRET Clearance
5 years of experience in DoD DIACAP or RMF system authorization processes
DoD 8570.1M IAT Level II baseline certification: CNA Security, CySA+, GICSP, GSEC, Security+ CE or SSCP
(Preferred) BS degree in Computer Science, Cyber Security, Information Assurance, or related field 10+ years of experience in Information Technology Security technologies
“Ishpi Information Technologies, Inc. is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, disability, or status as a protected veteran.”
Job ID: 2020-1145
External Company URL: https://careers-ishpi.icims.com/
Street: 1545 Truxtun Avenue