Security Engineer V
Herndon, VA, US
Full Time | Mid-level / Intermediate | Clearance required | USD 115K - 214K * est.
CoSolutions
Job Description
The candidate will work with the application leads, sysadmins, DBAs, developers and testers to ensure the assigned systems are security compliant and achieve/maintain ATO. This includes following the RMF process for full test, partial test, CONMON and no test; updating Xacta documentation, including SSPs, SCTM, STPs and POAMs; loading artifacts such as STIG checklists and ACAS scans; helping to implement STIG checklists and mitigate scan findings; answering questions to ensure systems are developed with security compliance built in; and supporting security assessment events and responding to all questions from the PAT team, ISSMs and SCAs. Requires TS/SCI w/poly. Work is full time in a SCIF; hours are flexible. Security+ or higher accreditation (such as CISSP) is required.
Must understand how to go through the RMF process from start to finish and build the assessment package from scratch, including Categorization, Control Selection, creation of the SSP, and completion of the SCTM and all the supporting STPs. Must understand how to sit down with an SCA over the course of a week to demonstrate every system control in order to show compliance. Must know how to collaborate with the O&M team to fill out and maintain comprehensive STIG checklists for multiple servers, across multiple domains, operating systems, databases and mission applications. Must be able to quickly respond to taskers and CVEs as they arise. Must be able to work in a dynamic, fast-paced environment and support multiple applications at the same time. Please work with your candidates to provide tailored resumes that speak to experience with these tasks. A successful candidate will have done the work to get an ATO: a candidate who has done self-assessments on a brand-new system and who has created the Xacta artifacts, as opposed to someone who has only reviewed someone else's work. We want a candidate who understands inheritance, someone who has worked with the SCA to address their questions (or anticipate their questions), someone who has successfully worked through Xacta and RMF security documentation and processes to get a system deployed. Candidates who have never gotten a system deployed do not meet our need.
Required Qualifications:
• Must be a US Citizen
• Bachelor’s degree applicable to the position, with 10 or more years of relevant experience. Additional experience may be considered in lieu of degree.
• Active TS/SCI with current CI poly
• 5 years of experience supporting a Federal or DoD program in an ISSO or ISSM capacity
• Experience with performing Security Control Assessments in compliance with NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, and other NIST 800 series guides
• Experience with risk analysis and assessment determinations incorporating system/mission owner input and unique operational constraints
• Xacta experience
• Must hold an active IAT level II baseline certification
Desired Qualifications:
• Experience with Amazon Web Services (AWS)
• CSAM tool experience
• Experience with effective policy development and instruction for Federal or DoD Information Security Programs
Physical Requirements:
- Ability to sit for extended periods of time.
- Ability to stand for extended periods of time.
- Ability to walk to various locations as needed.
- Ability to bend and navigate to perform assigned duties.
- Ability to lift light to moderate equipment as needed for job.
About Us
At CoSolutions we are proud to say we prioritize our employees as well as strive to create a comfortable, welcoming, and productive work environment for all. We support growth opportunity, career development, and always have open ears to new possibilities and solutions! If you are looking for a new rewarding opportunity, we would love to hear from you.
CoSolutions is an equal opportunity employer and does not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital/parental status, pregnancy/childbirth or related conditions, physical or mental disability, genetic information, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law. It is our firm intent to support equal employment opportunity and affirmative action in keeping with applicable federal, state, and local laws and regulations.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: ACAS AWS CISSP Compliance DoD NIST NIST 800-53 Risk analysis RMF SCTM Security assessment System Security Plan TS/SCI
Perks/benefits: Career development Flex hours Team events