General Dynamics Information Technology Bethesda, MD, USA
Feb 20, 2020Full time
We are seeking a Cybersecurity Engineer Lead to join our team in support of the National Institutes of Health (NIH) Office of the Director IT Support Services Contract. As a key participant within a cohesive Information Assurance (IA) and security engineering team you will share responsibilities for conducting FISMA-compliant System Assessments and Authorization (SA&A) and maintaining continuous Approval To Operate (ATO) for customer built and maintained applications supporting missions worldwide. You will also share in responsibilities for maintaining security systems and conducting security operations for accredited infrastructures and applications. Direct responsibilities will be based on your greatest strengths and interests. The security engineering team culture promotes interaction among team members for determining best direction for both our team and client. Our team culture also promotes individual mentorship and technical career path growth in latest information system technologies. Our team constantly seeks out to provide smart and effective solutions backed by efficient team-built system architecture,s plus team documented and tested process and procedures. On this program we provide support for 2,700 end-customers residing in approximately 20 buildings. Support includes 24x7 on-call duty support for monitoring of critical systems and for VIP support. Our team focuses on maintaining excellent customer experience as it relates to service requests and maintain and improve interoperability between IT infrastructure systems. What GDIT Can Offer You: We combine an in-depth understanding of the technology landscape with mission knowledge to enhance our clients' operations and prepare them for the future. We stay at the forefront of new and emerging technologies, helping our clients deliver the transformations that matter. At the most critical moments of change, we're there. Bringing the resources, solutions, and expertise to help our clients take on some of the world's biggest challenges. Join a team focused on delivering and supporting NIH on their mission. Our team is working on current and new technologies to move NIH forward. We invest in career mobility on multiple contract vehicles and locations. In this role, a typical day will include: Supervise up to five direct reports administratively: time card approvals, evaluations, interviewing, etc. Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications Perform Independent Security Assessment and Reporting (ISAR) as part of application System Development Lifecycle (SDLC) Provide incident response to classification spills, malware infection, misconfiguration exposure, internal inappropriate behavior and technical issue Analyze vulnerability scan results for validation and root cause Perform security system event analysis, investigation, and validation Participate in Lifecycle Management (LCM) Technical Change Control Boards (TCCB) providing technical guidance for security control compliance Participate in Security Architecture Review Boards as part of security system Operations & Management (O&M) sustainment and architecture enhancement Perform Security Technical Implementation Guide (STIG) and Federal Information Security Management Act (FISMA) assessments and annual reporting Perform Security control assessments as part of Continuous Monitoring NIST SP 800-53 V4 compliance sustainment for application, infrastructure, and network Task, track and mitigate Plan of Action & Milestones (POA&M) vulnerability scan and security assessment findings requiring mitigation. Perform privileged User Account Management and Role Based Access assignment Required Qualifications: BS degree in Computer Science or Information Technology or the equivalent and five years experience or a MS and three years experience Minimum of three years experience with security system engineering, system operations & maintenance (O&M) Security Information & Event Management (SIEM), firewalls, Intrusion Detection Systems (IDS), Data Loss Prevention (DLP), audit logformatting/databases,and other types of data management technologies such as Splunk, ELK. Minimum of three years experience with system and application Certification & Accreditation (C&A), System Assessment & Authorization (SA&A), and/or Independent Validation and Verification (IV&V) Minimum of two years experience with security system monitoring, syslog and traffic analysis, and incident response Minimum of two years experience developing and maintaining standard operating procedures and work instructions Minimum of two years experience fulfilling Information System Security Officer (ISSO) and/or Information System Security Representative (ISSR) role Minimum of two years experience fulfilling Windows and/or Unix administrator role or support ITIL v3 Foundations certification or ability to obtain within first six months of employment Must be able to obtain a Public Trust Desired Qualifications: CISSP, Security+CE, or CEH certifications GDIT CAREERS Opportunity Owned Discover more at www.gdit.com/careers We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.