Information Systems Security Engineer (ISSE)

Description

JOB DESCRIPTION:

• The contractor shall provide Cyber Security (CS) support. In performance of this task the contractor shall:
• Oversee the development and maintenance of a system’s CS solutions.
• Identify Authorizing Official (AO) and SCA cognizance (i.e. Functional Authoring Official or Navy Authorizing Official, and Functional Security Control Assessor or Security Control Assessor) of the system as well as any specific authorization requirements such as reciprocity, cross domain, and applicable overlays to support System Categorization.
• Identify and tailor the security control baseline with applicable overlays.
• Assist with development, maintenance, and tracking of the Security Plan.
• Lead the security control implementation and testing efforts.
• Perform vulnerability-level risk assessment on the POA&M/RISK Assessment Worksheet.
• Assist with any security testing required as part of Assessment and Authorization (A&A) or annual reviews.
• Assist in the mitigation and closure of open vulnerabilities under the system’s change control process.
• Oversee CS testing to assess security controls and recording security control compliance status during the continuous monitoring phase of the lifecycle.
• Make data entries into the eMASS record and POA&M consistent with implementation results.
• Utilize the Collaboration Board in the eMASS workflow for all formal coordination during the RMF process. Detailed findings will be posted in the Artifacts tab (if necessary).
• Rework shall be documented and provided to the Package Submitting Officer/Project Management Office for review.
• Analyze the results of software, hardware, or interoperability testing.
• Determine level of assurance of developed capabilities based on test results.
• Develop test plans to address specifications and requirements.
• Validate specifications and requirements for testability.
• Make recommendations based on test results.
• Perform developmental testing on systems under development.
• Perform interoperability testing on systems exchanging electronic information with other systems.
• Perform operational testing.
• Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.
• Record and manage test data.
• Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated.
• Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.

Requirements

Must Have Skills:

*Candidates must have CompTIA Security+, active clearance, good

 communication, consistent engagement, and be willing to travel 2nd week of on-boarding to Portsmouth Naval Shipyard (PNSY).

*Past experience as an ISSE on Navy eMass Projects is a plus.