Senior Information Systems Security Engineer (Software, TRANSEC/COMSEC vulnerabilities)

Description

ARS is seeking a Senior Information Systems Security Engineer (ISSE) candidate located at Hanscom, AFB. This position will require experience in TRANSEC/COMSEC vulnerabilities.

Applied Research Solutions (ARS) is respected as a world-class provider of technically integrated solutions as we deliver premier talent and technology across our focused markets for unparalleled, continuous mission support. Awarded a Best Places to Work nominee since 2020, ARS recognizes that without our career- driven, loyal professionals, we would not be able to deliver state-of-the-art results for our mission partners. We firmly believe that prioritizing our employees is of the upmost importance. We provide a culture where our employees are challenged to meet their career goals and aspirations, while still obtaining a work/life balance. ARS employees are motivated through our industry competitive benefits package, our awards and recognition program, and personalized attention from ARS Senior Managers.

Responsibilities include:

• Support the system/application authorization and accreditation (A&A) effort for weapon systems and PIT Systems, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing DoD and Air Force policies (i.e., Risk Management Framework (RMF). Understanding of how RMF intersects with the acquisition process and how it's used to generate requirements; how RMF and Cybersecurity should be covered in contracts - requirements, deliverables, PWS/SOW language. Understanding how to work through RMF and controls with a program to establish appropriate levels of risk based on program lifecycle and mission requirements.

• Recommend policies and procedures to ensure the reliability of and accessibility to information systems and to prevent and defend against unauthorized access to systems, networks, and data.

• Develop, execute, and track the performance of security measures to protect information and network infrastructure and computer systems.

• Review and assess architectures and recommend cybersecurity strategies to developmental and legacy system designs.

• Assess threats to determine impact and recommend corrective actions to program managers to reduce risk.

• Translate program/system requirements into technical requirements and architectures needed to meet program objectives.

• Life cycle development Promote awareness of security issues among management and ensuring sound security principles are reflected in program's' visions and goals. Participate in systems design.

• Understanding of DevSecOps environments to check for security flaws and vulnerabilities during code review.

• Understanding of operating systems including Linux, Ubuntu, IoT systems, ZTA environments and Cloud development.

• Identify, define, and document system security requirements and recommend solutions to management.

• Plan, develop, implement, and update Cyber Security Strategy Information within the Program Protection Plan (PPP) and assess CPI (Critical Program Information) and CC (Critical Components) analysis.

• Recommend and review Tempest requirements, systems security contingency plans and disaster recovery procedures.

• Experience with compliance and vulnerability and software scanning tools (STIGs, Nessus, ACAS, SCC/ SCAP, etc.) to include the review and creation of mitigation reports.

• Review the Vendor submitted Contract Data Requirement List (CDRL) items for Cybersecurity related areas, to ensure technical requirements have been met, and provided substantial comments and recommendations to the Program Management (PM) team as to adequacy of the CDRL.

• Other duties as assigned.

Qualifications/Technical Experience Requirements:

• Must be a US citizen

• MA/MS degree required and at least ten years of job experience, minimum of ten years of progressive technical experience related to IA/cyber engineering architecture, requirements determination, development and implementation.

• Must meet DoDD 8140 IAT level II or higher

• Certified Information Systems Security Professional (CISSP)

• SAP/SAR experience is required

• DoD 8570.01 MMGT512 compliant certification.

• Experience with the Risk Management Framework (RMF).

• Active Top Secret Security Clearance

• Experience with TRANSEC/COMSEC vulnerabilities

• Expertise in software development and security

• Expertise in transport security and communications security

• NSA system certification experience in mandatory

• Experience in security systems engineering involving hardware and software operating systems and application solutions

• Experience in security features and/or vulnerability of various operating systems

• Experience with IA vulnerability testing

• Experience with US Government contract proposals as IA/security engineering subject matter expert, and implementation of DoD and Federal IA A&A processes

• Experience in IA controls and developing and maintaining associated A&A documentation IAW RMF

The expected annual salary range: $170k - $192k. Salary is dependent upon the role and associated responsibilities, candidate's experience, and qualifications to include education/training, and key skills.

All positions at Applied Research Solutions are subject to background investigations. Employment is contingent upon successful completion of a background investigation including criminal history and identity check.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-741.5(a). This regulation prohibits discrimination against qualified individuals based on disability and requires affirmative action by covered prime contractors and subcontractors to employ and advance in employment qualified individuals with disabilities.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-300.5(a). This regulation prohibits discrimination against qualified protected veterans and requires affirmative action by covered contractors and subcontractors to employ and advance in employment qualified protected veterans.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.

For further information, please review the Know Your Rights ( notice from the Department of Labor.