SRA International, Inc., A CSRA Company Cyber Security Engineer in Bethesda, Maryland
Clearance Level Must Currently Possess:
No Active Clearance Required
Clearance Level Must Be Able to Obtain:
No Active Clearance Required
We are seeking a Cyber Security Engineer to join our team in support of the National Institutes of Health (NIH) Office of the Director IT Support Services Contract. As a key participant within a cohesive Information Assurance (IA) and security engineering team you will share responsibilities for conducting FISMA compliant System Assessments and Authorization (SA&A) and maintaining continuous Approval To Operate (ATO) for customer built and maintained applications supporting missions worldwide. You will also share in responsibilities for maintaining security systems and conducting security operations for accredited infrastructures and applications. Direct responsibilities will be based on your greatest strengths and interests.
The security engineering team culture promotes interaction among team members for determining best direction for both our team and client. Our team culture also promotes individual mentorship and technical career path growth in latest information system technologies. Our team constantly seeks out to provide smart and effective solutions backed by efficient team built system architectures plus team documented and tested process and procedures.
On this program we provide support for 2,700 end-customers residing in approximately 20 buildings. Support includes 24x7 on-call duty support for monitoring of critical systems and for VIP support. Our team focuses on maintaining excellent customer experience as it relates to service requests and maintain and improve interoperability between IT infrastructure systems.
Perform Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation
Prepare Vulnerability Scanning test plans, coordinate testing, and conduct scans using Nessus, Foundstone, WebInspect, Hailstorm and other scan applications
Analyze vulnerability scan results for validation and root cause
Perform security system event analysis, investigation, and validation
Provide incident response to classification spills, malware infection, misconfiguration exposure, internal inappropriate behavior and technical issue
Perform Independent Security Assessment and Reporting (ISAR) as part of application System Development Lifecycle (SDLC)
Participate in Lifecycle Management (LCM) Technical Change Control Boards (TCCB) providing technical guidance for security control compliance
Participate in Security Architecture Review Boards as part of security system Operations & Management (O&M) sustainment and architecture enhancement
Perform Security Technical Implementation Guide (STIG) and Federal Information Security Management Act (FISMA) assessments and annual reporting
Perform Security control assessments as part of Continuous Monitoring NIST SP 800-53 V4 compliance sustainment for application, infrastructure, and network
Task, track and mitigate Plan of Action & Milestones (POA&M) vulnerability scan and security assessment findings requiring mitigation.
Perform privileged User Account Management and Role Based Access assignment
- BS degree in Computer Science or Information Technology (5 years’ experience without degree)
3+ years security system engineering, system operations & maintenance (O&M) Security Information & Event Management (SIEM), firewalls, Intrusion Detection Systems (IDS), Data Loss Prevention (DLP), audit log formatting/databases, and other types of data management technologies such as Splunk, ELK.
3+ years system and application Certification & Accreditation (C&A), System Assessment & Authorization (SA&A), and/or Independent Validation and Verification (IV&V)
2+ years security system monitoring, syslog and traffic analysis, and incident response
2+ years developing and maintaining standard operating procedures and work instructions
2+ years fulfilling Information System Security Officer (ISSO) and/or Information System Security Representative (ISSR) role
2+ years fulfilling Windows and/or Unix administrator role or support
# of Openings:
Scheduled Weekly Hours:
T elecommuting Options:
Some Telecommuting Allowed
USA MD Bethesda - 31 Center Dr (MDC032)
Additional Work Locations:
CSRA is committed to creating a diverse environment and is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.
THINK NEXT. NOW.
CSRA is tomorrow’s thinking, today. To “Think Next. Now.” is to imagine a better future and to deliver it, today. For our customers, our partners, and ultimately, all the people our mission touches, CSRA is realizing the promise of technology to change the world through next-generation thinking and meaningful results.
We understand that our customers' missions require new methods and imaginative thinking. We bring together government IT professionals, emerging technologies, and the brightest, cutting-edge advisors in the industry to deliver a broad range of innovative, next-generation IT solutions and professional services to help our customers modernize their legacy systems, protect their networks and assets, and improve the effectiveness and efficiency of mission-critical functions for our warfighters and our citizens.
Everywhere you look, CSRA is there. We’re in our nation’s infrastructure, in training and education, in cyber security, in serving veterans who served us—and, so much more. Take some time to learn more about CSRA. You might be surprised to learn how we touch your life.
We are a company of 18,000+ smart, talented individuals, yet we enjoy a start-up culture that inspires us to make a difference while delivering results in this rapidly evolving world. Join our team and use your skills and expertise to support the safety, security, health and well-being of the nation.