Principal System Security Engineer at KBR, Inc in Riverdale, MD
KBR is seeking a highly motivated security professional to join the NASA's Earth Observing System Data and Information System (EOSDIS) Evolution and Development 3 (EED-3) contract. The Principal System Security Engineer (SSE) will participate in a broad range of security operations and analysis tasks for both cloud based and on-premises based systems. The Principal SSE will provide expert level support to plan, coordinate, and implement the overall information security program for the EED-3 contract. Roles &
Responsibilities:
Responsible for responding to security actions from the NASA Security Operations Center (SOC), Computer Emergency Response Team (CERT), and other Security notices as directed by EED-3 Engineering Technical Directives (ETDs). Determines corrective actions, prepares and submits reports in accordance with government and program directives. Review and interpret Security Documentation from NASA OCIO, NIST, and other documents as directed by EED-3 ETDs. Review and interpret security events from OSSEC, Splunk, Nessus, SEP, and other monitoring tools. Maintain and update System Security Plan (SSP) documentation and controls. Train the operations staff on security issues specific to the EED-3 security implementation. Support annual external Security Assessments. Perform internal Security Audits and Assessments. Plan, coordinate, and oversee the execution of Contingency Plan (CP) exercises. Prepare test results and maintain Contingency Plans. Responsible for the enforcement of security policies and procedures by administering and monitoring security profiles, review security violation reports and investigate possible security exceptions Provide technical expertise and oversight to manage the daily administration of security protection measures Prepare status reports on security matters to develop security risk analysis scenarios and response procedures Manage investigations of security events (e.g., unauthorized access, non-compliance with NASA policies, fraud, service exploitation, etc.) to determine malfunctions, breaches, and remediation steps Required Skills:
Knowledge and experience in vulnerability scanning and patch management tools Knowledge and experience in systems administration of Windows Server and Red Hat Enterprise Linux Knowledge and experience in the implementation of the NIST 800.53 Security and Privacy Controls for Federal Systems and Organizations Knowledge and experience in the implementation of the NIST Risk Management Framework Familiarity with network devices and protocols Experience with creation, modification and maintenance of IT System Security Plans (SSP), IT Risk Assessments, Contingency Plans to support government environments, ideally for NASA Excellent interpersonal skills, including ability to successfully interact in a customer-facing position on a regular basis Must be able to meet government a National Agency Clearance (NAC) and citizenship/permanent residency requirements for access to NASA GSFC Certified Information Systems Security Professional (CISSP) Desired Skills:
Highly desired, experience with establishing and supporting systems on Amazon Web Services (AWS) or Microsoft Azure Highly desired, Certified Cloud Security Professional (CCSP) Knowledge and experience with NASA policies and procedures Knowledge and experience in software security, design, web-based applications, familiarity with C#, Java, Ruby on Rails, Clojure, JavaScript, etc. Certification in Red Hat Enterprise Linux (RHCE) Working knowledge of Agile development methodologies Knowledge and experience with Personal Identification Credentials (PIV) smartcards on Mac, Linux, and Windows environments. Knowledge and experience with SAML and OAUTH single-sign-on technologies. Required Education &
Experience:
Must have minimum of 8 years of experience with a BS/BA Degree in a technical field such as Computer Science, Information Technology, or Information Assurance Must have a minimum of 4 years of experience with IT Security and Information Assurance.
Salary Range:
$100K -- $150K
Minimum Qualification
Systems Architecture & Engineering, IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
Responsibilities:
Responsible for responding to security actions from the NASA Security Operations Center (SOC), Computer Emergency Response Team (CERT), and other Security notices as directed by EED-3 Engineering Technical Directives (ETDs). Determines corrective actions, prepares and submits reports in accordance with government and program directives. Review and interpret Security Documentation from NASA OCIO, NIST, and other documents as directed by EED-3 ETDs. Review and interpret security events from OSSEC, Splunk, Nessus, SEP, and other monitoring tools. Maintain and update System Security Plan (SSP) documentation and controls. Train the operations staff on security issues specific to the EED-3 security implementation. Support annual external Security Assessments. Perform internal Security Audits and Assessments. Plan, coordinate, and oversee the execution of Contingency Plan (CP) exercises. Prepare test results and maintain Contingency Plans. Responsible for the enforcement of security policies and procedures by administering and monitoring security profiles, review security violation reports and investigate possible security exceptions Provide technical expertise and oversight to manage the daily administration of security protection measures Prepare status reports on security matters to develop security risk analysis scenarios and response procedures Manage investigations of security events (e.g., unauthorized access, non-compliance with NASA policies, fraud, service exploitation, etc.) to determine malfunctions, breaches, and remediation steps Required Skills:
Knowledge and experience in vulnerability scanning and patch management tools Knowledge and experience in systems administration of Windows Server and Red Hat Enterprise Linux Knowledge and experience in the implementation of the NIST 800.53 Security and Privacy Controls for Federal Systems and Organizations Knowledge and experience in the implementation of the NIST Risk Management Framework Familiarity with network devices and protocols Experience with creation, modification and maintenance of IT System Security Plans (SSP), IT Risk Assessments, Contingency Plans to support government environments, ideally for NASA Excellent interpersonal skills, including ability to successfully interact in a customer-facing position on a regular basis Must be able to meet government a National Agency Clearance (NAC) and citizenship/permanent residency requirements for access to NASA GSFC Certified Information Systems Security Professional (CISSP) Desired Skills:
Highly desired, experience with establishing and supporting systems on Amazon Web Services (AWS) or Microsoft Azure Highly desired, Certified Cloud Security Professional (CCSP) Knowledge and experience with NASA policies and procedures Knowledge and experience in software security, design, web-based applications, familiarity with C#, Java, Ruby on Rails, Clojure, JavaScript, etc. Certification in Red Hat Enterprise Linux (RHCE) Working knowledge of Agile development methodologies Knowledge and experience with Personal Identification Credentials (PIV) smartcards on Mac, Linux, and Windows environments. Knowledge and experience with SAML and OAUTH single-sign-on technologies. Required Education &
Experience:
Must have minimum of 8 years of experience with a BS/BA Degree in a technical field such as Computer Science, Information Technology, or Information Assurance Must have a minimum of 4 years of experience with IT Security and Information Assurance.
Salary Range:
$100K -- $150K
Minimum Qualification
Systems Architecture & Engineering, IT SecurityEstimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
