Provide leading Information System Security Engineering (ISSE) services to establish a comprehensive Controlled Unclassified Information (CUI) protection capability for a large Government customer. Work with stakeholders to understand CUI protection needs, define requirements, design security solutions, develop implementation plans, and supervise their secure operations.
- Define CUI protection requirements in coordination with security stakeholders including system engineers, program managers, contract specialists, security control assessors, and authorizing officials.
- Develop and review system security designs and architectures.
- Advise programs and system engineers on best methods to achieve vulnerability and risk reduction.
- Support engineering analysis of alternatives, tradeoffs, and risk treatment decisions.
- Develop cybersecurity documentation in support of customer Risk Management Framework (RMF) process.
- Work with interdisciplinary teams to deliver effective and efficient CUI protection capabilities.
- 8 years minimum of system and/or security engineering work performed in support of U.S. Government customers subject to Intelligence Community Directive (ICD) 503.
- Review and development of RMF Assessment and Authorization (A&A) documentation, e.g. System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POAMs).
- Security engineering work performed in direct support of a CUI protection program.
- Experience implementing NIST SP 800-171 Revision 2 security requirements and NIST SP 800-171A assessment procedures.
- Amazon C2S, SC2S, Commercial and GovCloud planning, design, and operations.
- Network design and implementation.
- B.S. or M.S. degree in a technical field
- Certified Information Systems Security Professional (CISSP) certification