Monitors and analyzes Intrusion Detection Systems (IDS) to identify security issues for remediation
Recognizes potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
Evaluates firewall change requests and assesses organizational risk
Communicates alerts to agencies regarding intrusions and compromises to their network infrastructure, applications, and operating systems
Assists with implementation of countermeasures or mitigating controls
Conducts regular audits to ensure that systems are being operated securely, and information systems security policies and procedures are being implemented as defined in security plans
Develops, tests, and operates firewalls, intrusion detection systems, enterprise antivirus systems and software deployment tools
Safeguards the network against unauthorized infiltration, modification, destruction, or disclosure
Researches, evaluates, tests, and implements new security software or devices
Conducts investigations of information systems security violations and incidents, reporting as necessary to management
Ensures the integrity and protection of networks, systems, and applications by technical enforcement of organizational security policies, through monitoring of vulnerability scanning devices
Implements, enforces, communicates, and develops security policies or plans for data, software applications, hardware, telecommunications, and information systems security education/awareness programs
Performs periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance
Prepares incident reports of analysis methodology and results
Ensure compliance with regulations and privacy laws
May coach and provide guidance to less-experienced professionals
May serve as a team or task lead
Specifically in this position the ISSE will:
Provide guidance and oversight throughout RMF and/or DIACAP A&A activities.
Perform validator functions in a DoD environment utilizing DoD approved accreditation methods (DIACAP / RMF).
Utilize knowledge of NIST SP 800-53, FIPS 199, SP 800-39, and related policies to develop and validate RMF packages for systems seeking authorization to operate (ATO).
Use knowledge of, and access, to NIPR and SIPR eMASS applications. Use knowledge of Assessment and Accreditation tools including STIG Viewer, ACAS, SCAP, and Vulnerator.
Use communication systems, network protocols, encryption, network devices, operating systems, applications, virtual systems, and databases.
Perform security categorization based on the impact due to loss of confidentiality, integrity, and availability. Select security controls based on security categorization.
Develop strategy for continuous monitoring to ensure acceptable security control is enforced.
Direct and/or perform risk/threat assessment for systems undergoing A&A efforts.
Direct and/or generate A&A package documentation including Security Assessment Plan (SSP) and authorization boundary in the Systems Security Plan (SSP).
This position requires the following:
Navy Qualified Validator Level I with 3 years’ experience (minimum) in performing validator functions in a DoD environment utilizing DoD approved accreditation methods (DIACAP / RMF).
Served as designated Navy Validator for one or more Security Authorizations under RMF
Security+ (or equivalent certification) and IAT Level II in accordance with DoD Instruction 8570.02
Bachelor's degree from an accredited college or university
DoD issued Secret clearance
About Our Work
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.