ISSE with Security Clearance - Annapolis Junction, MD, United States - Momentum Engineering

    Technology / Internet
    Description
    This position requires a solid understanding of security practices and policies as well as hands‐on vulnerability testing experience. The selected candidate will have numerous responsibilities from day to day drawn from a wide array of activities.

    The strongest candidates will have experience working in these areas:


    • Validating and verifying system security requirements and establishing system security designs for large‐scale systems, major system elements, and interfacing systems that are part of a large complex network environment with geographically distributed components.
    • Identifying and implementing appropriate information security architectures and functionality to ensure uniform application of security policy and enterprise solutions.
    • Recommending and developing technical solutions, products, and standards based on current and desired system security architecture.
    • Assessing and mitigating system security threats and risks throughout the program life cycle.
    • Leading and/or contributing to the security planning, assessment, risk analysis, risk management, certification and awareness activities for various system and networking operations.
    • Effectively collaborating with other internal technical experts on a day‐to‐day basis.
    • Communicating with Program Managers and POCs from customer organizations when necessary, regarding Security issues of significant importance.
    • Participating in Program Increment Planning and related agile team activities.
    • Working closely with System Engineering, Test Engineering, and Integration teams to ensure that the hardware and software architecture and implementation meet security requirements.
    • Analyzing and assessing system implementation against multiple security compliance policies and recommending and implementing enhancements.
    • Evaluating security solutions to ensure they meet customer specified requirements for processing information.
    • Evaluating the impact of new development on the operational security posture of the system.
    • Evaluating, reviewing, and testing critical software.
    • Proposing, assessing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.
    • Auditing and assessing system security configuration settings using common methodologies and tools.
    • Managing and enforcing security strategies and policies that affect various components of geographically distributed systems.
    • Providing configuration management for security‐relevant information system software.
    • Serving as a subject matter expert in security architecture to include providing advice to Program Managers, Customer technical experts, and internal program teams.
    • Formulating security compliance requirements for new system features.
    • Identifying and remediating security issues throughout the system.
    • Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other IA program support functions.
    • Working with development teams to enrich team‐wide understanding of different types of vulnerabilities, attack vectors and remediation approaches.
    • Planning and conducting security verification testing of relevant type 1 devices.
    Basic Qualifications
    • Must have a solid understanding of security practices and policies and hands‐on vulnerability testing experience.
    • Must have experience applying Risk Management Framework.
    • Must have experience formulating and assessing IT security policy.
    • Must have demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark, hardware/software security implementation, communication protocols, encryption techniques/tools, and web services.
    • Must have experience with secure configurations of commonly used desktop and server operating systems.
    • Must be comfortable working on multiple systems and components simultaneously in various configurations.
    • Must have strong verbal and written communications skills.
    • Must be committed to adopting and adhering to best practices.
    • Must be able to effectively plan and prioritize tasking and communicate clearly regarding technical options and trade‐offs.
    • Must be capable of performing high quality work both independently and with a team in a fast‐moving environment.
    Preferred Qualifications
    • Bachelor's degree in Computer Science, Information Assurance, Information Security System Engineering, or a related discipline.
    • Five (5) years of experience with Defense in Depth Principles/technology (including access control, authorization, identification and authentication, public key infrastructure, network and enterprise security architecture) and applying risk assessment methodology to system development.
    • DoD 8570 compliance with IASAE Level 2 or 3.
    • Information Systems Security Engineering Professional (ISSEP) Certification.
    • Computer Information Systems Security Professional (CISSP) Certification.
    • Experience developing/implementing integrated security services management processes, such as assessing and auditing network penetration testing, anti‐virus planning assistance, risk analysis, and incident response.
    • Experience providing information assurance support for application development that includes system security certifications and project evaluations for firewalls that encompass the development, design, and implementation.
    • Experience with penetration testing tools.
    • Experience with scripting languages.