Skills Required – The candidate must
• Must have a NIST 8570 compliant certification (CISSP, CAP, CISM, etc.)
• Have a Bachelor’s degree in Computer Science, Computer Engineering, or equivalent or 15 years’ experience in IA
• Have a minimum of 10 years with Intelligence Community or SIGINT activity.
The contractor shall provide information system security engineering and operations support to the government to include:
• Supporting System Security Plan (SSP) creation and updates using XACTA
• Analyzing, determining, and recommending methods, approaches and step-by-step plans – with technical justification required – to mitigate security vulnerabilities existing at a site using government-provided IA/CND tools (e.g., Firewalls, IDS correlation engines, etc.)
• Perform analysis and troubleshooting of system and network security related events
• Supporting and improving enterprise security solutions
• Providing strategic IA expertise to support government missions delivering IT capabilities required by the program
• Conduct validations of security certification evidence against compliance requirements
• Assisting the government in the design and development of secure architectures, including system security requirements analysis, system security requirements allocation, risk-analysis, and secure system definition and development
• Collaborate with other government agencies on IA focused projects and initiatives
• Assisting with evaluations of system and network design review and firewall rule evaluations
• Performing product evaluations and documenting the necessary findings and/or recommendations in white papers, position papers, and technical review documents
• Supporting the group’s systems design architecture efforts, including updating and maintaining a repository of design drawings, and IA specifications
• Where necessary, participating in government working group sessions ensuring the enterprise IA approach is embedded throughout all service offerings
• Performing detailed security analysis of existing and emerging IA technologies and capabilities identified by Community stakeholders or recommended by the team for integration into program architecture
• Developing evaluation criteria based on stakeholder values and using the chosen criteria to identify and document IA concerns for the proposed architecture and systems
• Experience with Data Transfer activities and requirements
• Be able to review system audit data and research events to determine if they are security relevant or system anomalies using tools such as SPLUNK
• Have experience in identifying, researching, characterizing, and documenting security weaknesses related to operating systems, software applications, firmware, network hardware components, as well as network architecture design and documented policies and procedures
• Be able to analyze IAVA notices and determine relevancy to our systems
• Have experience with XACTA