SRA International, Inc., A CSRA Company Sr. Cyber Security Engineer in Washington, District Of Columbia
Clearance Level Must Currently Possess:
No Active Clearance Required
Clearance Level Must Be Able to Obtain:
No Active Clearance Required
Serve as advisor to the design and development teams to ensure compliance with Federal mandates, OMB and NIST guidelines, and FPLS security requirements.
Serve as advisor to the design and development teams on security issues, and assist as needed in the development of security documentation for Security Authorization.
Serve as a Subject Matter Expert (SME) on application and network security topics as well as emerging security technologies.
Participate in routine and on-demand system and application vulnerability scanning, document findings and recommendations, and present analysis of results to stakeholders.
Participate in the continuous monitoring of FPLS systems and applications in support of the security authorization process through system development life cycle, risk assessments, vulnerability testing, inventory and configuration audits, technical and physical assessments, and development of security documentation.
Serve as one of the Security team’s representatives to the Data Access team to ensure data sharing and research partners adhere to FPLS security requirements.
Develop and maintain security policies, procedures and required documentation for security compliance with Federal mandates, OMB and NIST guidelines, and HHS/ACF requirements.
Support the Office of Child Support Enforcement (OCSE) management, the Administration for Children and Families (ACF) CISO, ACF Cyber Security Office, and HHS Chief Information Security Officer (CISO) to ensure FPLS compliance with ACF and HHS security requirements.
Assist the FPLS ISSO, FPLS ITSSO and Technical Manager to ensure that FPLS upholds all security requirements to maintain the ACF Certification and Accreditation.
Support the Security Team in responding to external audits conducted by the HHS Inspector General (IG), Internal Revenue Service (IRS) and other Federal agencies as required.
Populate FPLS Security items in the HHS Risk Management Framework Portal (RMFP) tool including the Federal Information Security Management Act (FISMA) reviews and Plans of Action and Milestones (POA&M) as a result of audit findings.
Participate in the development and presentation of Security Awareness Training as required.
Participate in the conduct of security site assessments on data matching partner sites and FPLS contractor sites.
Mentor junior IA engineers, ensuring they have required knowledge and training and familiarity with specific Agency Security requirements and processes.
Coordinates and provides assistance to customers on requisite System Security Plans (SSPs) in accordance with agency established policies.
Assists in the gathering, analysis, and preservation of evidence used in the prosecution of computer crimes.
Assesses security events to determine impact and implements corrective actions.
Participates in network and systems design to ensure implementation of appropriate systems security policies.
Ensures the rigorous application of information security/information assurance policies, principles, and practices in the delivery of all IT services.
Develops and implements programs to ensure that systems, network, and data users are aware of, understand, and adhere to systems security policies and procedures.
Promotes awareness of security issues among management and ensures sound security principles are reflected in organizations’ visions and goals.
Conducts research pertaining to the latest viruses, worms, etc. and the latest technological advances in combating unauthorized access to information.
Supports the client in publishing incidents, alerts, advisories, and bulletins.
Conducts risk and vulnerability assessments of planned and installed information systems to identify vulnerabilities, risks, and protection needs.
Conducts systems security evaluations, audits, and reviews.
Develops systems security contingency plans and disaster recovery procedures.
Develops policies and procedures to ensure information systems reliability and accessibility and to prevent and defend against unauthorized access to systems, networks, and data.
Supports Information Assurance asset deployments, upgrades, and maintenance including servers, databases, network assets, and wireless LAN security.
Recommends technological and architectural upgrades/modifications to client's Information Systems Security architecture.
Provides input to incident response functions when appropriate and coordinates activities with site personnel when directed by the client organization.
Skill Set (required):
Exceptional written and communication skills; a writing sample will be requested.
At least 5 years of professional work experience in a cyber security role.
5 years of web and portal development experience.
Demonstrated experience and understanding of Information Assurance in the following specialties: Internet and Intranet Applications and Authentication; and Physical, Personnel, Network, Computer, Information, Operational, Administrative, and Communications Security.
Experience with handling multiple tasks simultaneously, and the ability to work independently in a high stress environment with an orientation towards customer service.
Desirable Qualifications
Security or IT certifications (e.g., CISSP, CISA, MCSE, C|EH, etc.) related to the security of web and portal developments.
Knowledge of FedRAMP and cloud computing
Knowledge of Network infrastructure and ability to analyze network diagrams
Knowledge of web application vulnerability scanning tools such as IBM AppScan
Knowledge of the Child Support Enforcement program and system operations.
Experience in handling sensitive data sources and distribution of data containing personally identifiable information.
Experience using Microsoft Word and other COTS products (e.g., PowerPoint)
# of Openings:
Scheduled Weekly Hours:
Telecommuting Options:
Some Telecommuting Allowed
USA DC Washington - 330 C St SW (DCC127)
Additional Work Locations:
CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
THINK NEXT. NOW.
CSRA is tomorrow’s thinking, today. To “Think Next. Now.” is to imagine a better future and to deliver it, today. For our customers, our partners, and ultimately, all the people our mission touches, CSRA is realizing the promise of technology to change the world through next-generation thinking and meaningful results.
We understand that our customers' missions require new methods and imaginative thinking. We bring together government IT professionals, emerging technologies, and the brightest, cutting-edge advisors in the industry to deliver a broad range of innovative, next-generation IT solutions and professional services to help our customers modernize their legacy systems, protect their networks and assets, and improve the effectiveness and efficiency of mission-critical functions for our warfighters and our citizens.
Everywhere you look, CSRA is there. We’re in our nation’s infrastructure, in training and education, in cyber security, in serving veterans who served us—and, so much more. Take some time to learn more about CSRA. You might be surprised to learn how we touch your life.
We are a company of 18,000+ smart, talented individuals, yet we enjoy a start-up culture that inspires us to make a difference while delivering results in this rapidly evolving world. Join our team and use your skills and expertise to support the safety, security, health and well-being of the nation.