Title:  Senior Specialist, Information Security Systems Engineer TS/SCI - Palm Bay, FL

Job Title:  ​Senior Specialist, Info Security Sys Engineering

Job Code:  26967

Job Location:  Palm Bay, FL

Job Schedule: 9/80

Job Description:   

Applies current systems security engineering methods, practices and technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security. Works closely with Government customers to ensure that the security protection needs, concerns and requirements are defined and implemented with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of system that will allow for the security authorization of the system of interest. Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products. Uses methods such as encryption technology, vulnerability analysis and security management. Responsible for integration of multiple methods into a cohesive system security perimeter and environment and the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards, to achieve security authorization of supported systems. Represents program security needs, concerns and requirements at customer meetings.

Essential Functions: 

• Apply advanced systems security engineering methods, practices, and technologies to the architecture, design, development, evaluation, and integration of secure systems and networks.
• Collaborate closely with Government customers and internal staff to define, implement, and maintain security protection needs, concerns, and requirements throughout the system lifecycle, ensuring security authorization.
• Design, implement, and manage security controls and configurations for both Linux and Windows systems, including system hardening, vulnerability assessments, and penetration testing.
• Prepare and manage Certification and Accreditation documentation using RMF and derivative processes (e.g., DOD 8510, JSIG, ICD-503, CNSSI 1253) to achieve security authorization of supported systems.
• Conduct Static Application Security Testing (SAST) for Application Security and Development STIG compliance, and navigate DoD software selection and approval processes for COTS, GOTS, and FOSS.
• Configure and manage logging for Linux and Windows systems, ensuring relevant security events are captured and forwarded to Splunk servers for analysis and monitoring.
• Monitor and analyze security logs and alerts from Splunk, investigating potential security incidents and taking appropriate actions to mitigate risks.
• Experience with security tools such as IDS/IPS, vulnerability scanners, and endpoint protection solutions
• Develop, document, and maintain security policies, procedures, and guidelines for system hardening, configuration management, and emerging security technologies.
• Develop and implement incident plans and procedures to ensure that security incidents are responded to promptly and effectively.
• Perform functional analysis, timeline analysis, detailed trade studies, requirements derivation and allocation, and interface definition studies.
• Contribute to Information Security Engineering activities, including CDRLs, trade studies, security requirements analysis, secure architecture development, compliance with security controls, and security test/verification activities.
• Identify security risks, threats, and vulnerabilities of networks, systems, applications, and new technology initiatives, and support security engineering activities such as basis of estimate development, design, test, configuration management, and maintenance of information systems and data.
• Provide technical guidance, coaching, and training to other employees, and be able to act as an IA liaison across all engineering and security disciplines, ensuring integration of security controls into the system development lifecycle.
• Develop and deliver security training and awareness programs that integrate latest security approaches and standards.
• Work is 100% on-site and cannot be accomplished remotely.

Qualifications: 

• Education 
  • Bachelor’s Degree and minimum 6 years of prior relevant experience, or 
  • Graduate Degree and a minimum of 4 years of prior related experience or 
  • In lieu of a degree, minimum of 10 years of prior related experience. 
• Must possess a TS/SCI CI Poly.
• Must be able to obtain and maintain a DOD 8140 certification (or NIST 800-181), appropriate for the position within 6-months of start.

Preferred Additional Skills: 

• Recent (within 3 years) CI Poly.
•  Familiarity with emerging technologies such as cloud computing, containerization, and microservices, and their security implications (e.g. Understanding of security control inheritance in cloud-based systems.)