The ISSE position shall provide comprehensive Information Assurance (IA) support to customer Directorates and Offices. The ISSE will fall under the agency Information System Security Manager (ISSM) and will provide day-to-day security engineering support by ensuring that IA and Operational security practices are maintained for all assigned Information Systems (IS).
ISSEs must possess a strong working knowledge of:
Information Assurance concepts, to include Assessment and Authorization (A&A) activities
General Information Technology (IT) system functions
Documented Security policies and best practices
Standard technical security safeguards
Operational Security (OpSec) measures
Assessment and Authorization Support
Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each information system during all phases of the IS lifecycle.
Knowledge of NIST 800-53 security controls to ensure system implemented and operating as intended during all phases of the information system life cycle.
Develop and maintain Security Concept of Operations (SECONOPS) and FISMA documentation prior to system authorization.
Support risk assessment and evaluation activities throughout the Assessment and Authorization (A&A) accreditation process.
Works closely with the ISSO and System Administrator to maintain the various system and application A&A status.
Provide liaison support between the system owner and other information system security personnel.
Establish audit trails, ensuring their review and reporting all identified security findings.
Make audit reviews available, when required, to the ISSM or Chief Security Officer (CSO).
Integrate audit reviews with Insider Threat programs and monitoring processes.
Tailor audit logs for the Enterprise Security Operation Center (ESOC) to provide an enterprise view of audit data.
Configure Spunk to Ingest audit logs and create dashboards.
Ensure that selected security controls are implemented and operating as intended during all phases of the information system life cycle.
Provide input to the development process which will include Information Security planning, design, test and analysis.
Perform monthly vulnerability scanning to include
Nessus Vulnerability (Patch Management) and Compliance (STIG) Scans
Nessus Database Scans
Burp Suite Web Application Scans
Research and maintain knowledge of Information Assurance (IA) policies and practices, seeking clarification from the ISSM or higher authority when needed, and disseminates these to users.
Respond to insider threat requests for analysis pertaining to supported systems.
Report all Information System security-related incidents in accordance with the reporting requirements in the system’s IRP and ISCP.
Provide research and analysis of Commercial-Off-The-Shelf (COTS) and Government- Off-The-Shelf (GOTS) and IA-enabled products as part of the security architecture and ensure products are National Security Telecommunications and Information Systems Security Policy Number 11 (NSTISSP-11) complaint and validated via the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme or National Institute of Standard (NIST) Federal Information Processing Standards (FIPS) Cryptographic Module Validation Program (CMV P).
The following qualifications are desired:
Bachelor’s Degree with 7 years of experience
Active TS/SCI with Poly
Education relevant to computer engineering, information security, information management, and/or computer science
Any of the following certifications: CISSP, CASP, CAP, GSLC, CISM
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.