DHA is currently seeking a System Security Engineer (ISSO) to provide test development, documentation and execution for an enterprise team supporting our largest client. This position is located in Quantico and the surrounding areas of Stafford, Virginia. This position requires an active Top Secret clearance.
- Assists stakeholders in identifying and evaluating technical and operational security risks, threats, weaknesses and vulnerabilities associated with information systems
- Reviews acquisitions for products as they relate to information security
- Identifies, quantifies, and recommends mitigation actions for security risks as they relate to enterprise projects
- Supports the certification and accreditation (C&A) process of information systems, to verify and validate conformance to federal and FBI policies, regulations, FISMA compliance and standards, and meet specified security requirements. Support will parallel OCIO certification testing methodologies and strategies
- Reviews system documentation to ensure security requirements are met for the approved proposed system and for engineering change requests and modifications, to determine impact on system security
- Evaluates security vulnerabilities with regard to confidentiality, integrity, and availability, and recommends appropriate solutions and/or viable strategies and/or mitigations
- Produces management reporting, including appropriate metrics that inform senior leadership as to the state of information risk and exposure
- Monitors trends in technology, performs system security analyses, and recommends strategies and solutions for improving or enhancing system security
- Recommends and advises on standards and procedures that reflect good practice in IT infrastructure management and provides security policy support
- Performs multiple IT Security support services associated with security functional testing, vulnerability assessments and penetration testing, including Vulnerability, Database, and Web scanning along with Network Mapping
- Supports the C&A process of information systems, to verify and validate conformance to Federal and DOJ policies, regulations, FISMA compliance and standards, and meet specified security requirements
- Conducts ongoing security functional requirements testing and security assessments of information system hardware, software, and applications, and overall system architecture, verifying and validating that system security technical and operational controls are in accordance with established security policies, requirements, plans, standards, processes, and procedures
- Experience with information system compliance with government standards and industry best practices including, but not limited to NIST, OWASP, Common Criteria, DISA and SANS Institute
- Experience with a variety of web application vulnerability and network penetration test tools, including but not limited to, Nmap, Metasploit, and Nessus
- Bachelor’s Degree in Systems Engineering, Computer Science, Information Systems, Engineering Science, Engineering Management, or a related discipline
Desired Skills and Experiences:
- At least one (1) active certification relating to information security, such as: Certified Information Systems Security Professional (CISSP), GIAC security certification (e.g. GCIH, GWAPT, GPEN, GSLC, etc.), or CompTIA Security+
- Minimum of three (3) years of demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field including:
  - Knowledge of developing, maintaining and managing Security Authorizations and Assessments packages
  - Experience with developing and managing Plans of Action & Milestones (POA&Ms)
  - Technical experience with conducting research and providing review recommendations on software and technologies for vulnerabilities
  - Technical experience with reviewing vulnerability scans and providing mitigation techniques
  - Experience in conducting annual assessments
  - Experience developing and testing Contingency Plans
  - Experience with conducting audit log reviews
  - Experience with NIST Special Publications and guidance
- Minimum of three (3) years of working experience with the latest version of Microsoft Office Suite (Word, Excel, and PowerPoint) and SharePoint (User)
DHA has been a trusted partner to the US Federal Government for more than 20 years. We are a vibrant, energized and fast-growing company serving the agencies which protect our freedom and way of life. Our mission focuses on the intelligence, law enforcement and defense communities. DHA adds value to every customer we serve by providing the best solution, talent, expertise and experience specifically tailored to each customer’s need. We are proud of the company’s culture, which is results-oriented and based on kindness, caring and compassion for everyone we serve as a customer, employee or teaming partner.
Why DHA? Over the years, DHA has proven its ability to provide cost-effective, forward-thinking solutions, and exceptional service for customers. The trust our clients, teaming partners, and employees have in DHA is directly related to how we cultivate and value relationships. Our diverse clients include the Federal Bureau of Investigation (FBI) and Department of Justice (DOJ), Veteran’s Administration, Department of State, U.S. Marshals, Defense Logistics Agency (DLA), and the Department of Defense (DoD).
DHA is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, or national origin.