Lead Information Security Systems Engineer

Location Colorado Springs
Discipline: Cybersecurity
Salary: $125000 to $150000
Contact email: rgarcia@brightmetro.com
Job ref: 411385
Published: 3 months ago
Job Description:
  • Provide Information Security System Engineering leadership support and technical execution of information security activities associated with the authorization of NIST Risk Management Framework (RMF) hardened information systems.
  • Support Security Engineering activities, including design, testing, configuration, management and maintenance of information systems.
  • Assist Program Security Architect in the development of, and CONOPS for, emerging security technologies and proposals.
  • Support compliance certification and vulnerability assessments as required.
  • Support the evaluation, qualification, testing and delivery of security architecture improvement, obsolescence replacement and vulnerability response projects.
  • Support information assurance data collection and continuous monitoring updates for assigned security architectures.
  • Experience in writing and managing RMF body of evidence documents (e.g., System Security Plan (SSP), Security Compliance Traceability Matrix (SCTM), Risk Assessment Report (RAR), Continuous Monitoring (ConMon) Plan, and Security Assessment Plans and Procedures (SAPP).
  • Experience in securing operating systems (Windows, Linux, Cisco IOS, etc.).
  • Self-motivation, able to work well independently and within inter-disciplinary engineering teams.
  • Strong written and oral communication skills.
  • Principles of data flows (e.g., TCP/IP, OSI model).
  • Familiarity with Agile development processes and tools, such as Jira.
Qualifications: 
  • Education: Bachelor’s Degree and a minimum of 9 years of prior relevant experience, or Graduate Degree and a minimum of 7 years of prior related experience.
  • DoD 8570.01-M IASAE Level 2 certification.
  • Active TS/SCI Security Clearance.
Preferred Additional Skills:
  • Experience in configuration and use of cyber defense and vulnerability assessment tools such as ACAS and SCC
  • Experience in the content development and administration of SEIM/audit reduction tools (e.g., Splunk).
  • DoD 8570.01-M IASAE Level 3 certification.
  • Strong understanding of engineering processes, concepts and information security systems engineering principles (NIST SP 800-160 Vol1).
  • System testing and evaluation methods and RMF assessment methodology & process.
  • Experience with application of STIGs.
  • Telecommunications network engineering experience.
  • Experience in Cyber Defense technologies.
  • Understanding of system vulnerabilities and exploitation.