Information Systems Security Engineer (TS/SCI with Poly Required)

GCI, embodies excellence, integrity and professionalism. The employees supporting our customers deliver unique, high-value mission solutions while effectively leverage the technological expertise of our valued workforce to meet critical mission requirements in the areas of Data Analytics and Software Development, Engineering, Targeting and Analysis, Operations, Training, and Cyber Operations. We maximize opportunities for success by building and maintaining trusted and reliable partnerships with our customers and industry.

At GCI, we solve the hard problems. As an Information Systems Security Engineer, a typical day will include the following duties:

This position is responsible for capturing and refining information security requirements and ensures their integration into information technology component products and information systems through purposeful security design or configuration. The individual will work closely with other project managers and various software engineering, infrastructure, and technical operations teams to assess requirements, coordinate resources, and deliver information security updates for the customer. The ideal candidate will have experience performing industry-standard ISSE tasks, as well as experience in tailoring standard process lifecycles to function effectively in a small, fast-paced environment. S/he must have strong written and verbal individual and organizational communication skills and the ability to articulate technical project requirements to both customers and internal teams. 

KEY RESPONSIBILITIES  

Attends customer meetings and serves as primary liaison to the customer ISSM 

Ensures system compliance with customer Assessment and Authorization (A&A) process 

Ensures system compliance with customer Certification and Accreditation policies  

Conducts system vulnerability scans  

Provides support to system patches and updates 

Provides assessments of the security impact of network changes 

Provides support to the management and control of system changes 

Supports the development, coordination, and maintenance of the System Security Plan (SSP) 

Implement and enforce information systems security policies ensuring system security requirements are addressed during all phases of the acquisition and system lifecycle 

Support the customer to resolve conflicting system security engineering requirements 

Develop and maintain processes and procedures to identify, track and mitigate customer system vulnerabilities 

Assess system compliance with NIST requirements, identifying weaknesses and evaluating planned remedial actions based upon those requirements.  

Support control implementation assessment and reporting and monitoring processes using cyber security and assessment management systems. 

Responsible for auditing, reviewing and audit reporting 

EDUCATION AND EXPERIENCE 

Bachelor’s degree in a related business or technical discipline (Systems Security Engineering, Software Engineering, or Computer Science, etc.), or the equivalent combination of education, technical training, or work/military experience 

REQUIRED QUALIFICATIONS 

Demonstrated experience assessing system compliance with NIST requirements, identifying weaknesses and evaluating planned remedial actions based upon those requirements. 

Demonstrated experience assisting the customer with compliance of their systems and networks as documented in NIST 800-53, its revisions, and community interpretation.  

Experience conducting information system security control assessments (SCAs) and applying standard auditing techniques during systems security control assessments, including the proper interpretation of the control requirements, determining if the artifacts provided are sufficient and recommending remedial action to Government customer to ensure compliance 

Demonstrated experience with testing methods, automated tools, plans, and procedures for verification of compliance and vulnerability requirements 

Experience with modern networks, operating systems, databases, and virtual computing 

Experience with using scanning applications 

Demonstrated experience effectively communicating across programs and with customers, stakeholders, and other contractors 

Demonstrated on-the-job experience managing priorities across multiple projects (time management) 

DESIRED QUALIFICATIONS 

Certified Information Systems Security Professional (CISSP)  

Certified Information Systems Security Engineering Professional (ISSEP) 

Demonstrated on-the-job experience with Jira Software for planning and tracking projects