Information Security- ISSE (Active Top Secret Clearance Required)

Clearance Level
Top Secret
Category
Information Security
Location
Chantilly, Virginia

REQ#: RQ67185

Travel Required: None
Public Trust: None
Requisition Type: Regular

The ISSE position shall provide comprehensive Information Assurance (IA) support to customer Directorates and Offices.  The ISSE will fall under the agency Information System Security Manager (ISSM) and will provide day-to-day security engineering support by ensuring that IA and Operational security practices are maintained for all assigned Information Systems (IS).

ISSEs must possess a strong working knowledge of:

  • Information Assurance concepts, to include Assessment and Authorization (A&A) activities
  • General Information Technology (IT) system functions
  • Documented Security policies and best practices
  • Standard technical security safeguards
  • Operational Security (OpSec) measures

Assessment and Authorization Support

  • Ensure the day-to-day implementation, oversight, continuous monitoring, and maintenance of the security configuration, practices, and procedures for each information system during all phases of the IS lifecycle.
  • Knowledge of NIST 800-53 security controls to ensure system implemented and operating as intended during all phases of the information system life cycle.
  • Develop and maintain Security Concept of Operations (SECONOPS) and FISMA documentation prior to system authorization.
  • Support risk assessment and evaluation activities throughout the Assessment and Authorization (A&A) accreditation process.
  • Works closely with the ISSO and System Administrator to maintain the various system and application A&A status.
  • Provide liaison support between the system owner and other information system security personnel.
  • Establish audit trails, ensuring their review and reporting all identified security findings.
  • Make audit reviews available, when required, to the ISSM or Chief Security
    Officer (CSO).
  • Integrate audit reviews with Insider Threat programs and monitoring processes.
  • Tailor audit logs for the Enterprise Security Operation Center (ESOC) to provide an enterprise view of audit data.
  • Configure Spunk to Ingest audit logs and create dashboards.
  • Ensure that selected security controls are implemented and operating as intended during all phases of the information system life cycle.
  • Provide input to the development process which will include Information Security
    planning, design, test and analysis.
  • Perform monthly vulnerability scanning to include

    Nessus Vulnerability (Patch Management) and Compliance (STIG) Scans

    Nessus Database Scans

    Burp Suite Web Application Scans

General

  • Research and maintain knowledge of Information Assurance (IA) policies and practices, seeking clarification from the ISSM or higher authority when needed, and disseminates these to users.
  • Respond to insider threat requests for analysis pertaining to supported systems.
  • Report all Information System security-related incidents in accordance with the reporting requirements in the system’s IRP and ISCP.
  • Provide research and analysis of Commercial-Off-The-Shelf (COTS) and Government-
    Off-The-Shelf (GOTS) and IA-enabled products as part of the security architecture and
    ensure products are National Security Telecommunications and Information Systems
    Security Policy Number 11 (NSTISSP-11) complaint and validated via the National
    Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation
    Scheme or National Institute of Standard (NIST) Federal Information Processing Standards (FIPS) Cryptographic Module Validation Program (CMV P).

Qualifications

The following qualifications are desired:

  • Bachelor’s Degree with 7 years of experience
  • Active TS/SCI with Poly
  • Education relevant to computer engineering, information security, information management, and/or computer science
  • Any of the following certifications:  CISSP, CASP, CAP, GSLC, CISM
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.