Information Assurance Systems Security Engineer (Iasse) Ii
Company: ManTech International Corporation
Location: Lehi
Posted on: January 27, 2023
|
|
Job Description:
Secure our Nation, Ignite your FutureBecome an integral part of
a diverse team while working at an Industry Leading Organization,
where our employees come first. At ManTech International
Corporation, you'll help protect our national security while
working on innovative projects that offer opportunities for
advancement. Currently, ManTech is seeking a motivated, career and
customer-oriented IASSE II (Pentester) to join the team at Hill
AFB, UT.Information Assurance System Security Engineer IIThe
Information System Security Engineer (IASSE) is primarily
responsible for conducting information system security engineering
activities with a focus on lifecycle of current systems and future
requirement scoping. The position will collect and process the
captured information security requirements and ensures that the
requirements are effectively integrated into information systems
through purposeful security architecting, design, development, and
configuration. The position is an integral part of the development
team designing and developing organizational information systems or
upgrading legacy systems. The ISSE employs best practices when
implementing security requirements within an information system
including software engineering methodologies, system/security
engineering principles, secure design, secure architecture, and
secure coding techniques. This position's main function is working
within Special Access Programs (SAPs) supporting Department of
Defense (DoD) agencies, such as HQ Air Force, Office of the
Secretary of Defense (OSD) and Military Compartments efforts. The
position will provide "day-to-day" support for Collateral,
Sensitive Compartmented Information (SCI) and Special Access
Program (SAP) activities.**IN ADDITIONPenetration Tester
(Pentester)The penetration tester (pentester) is primarily
responsible for conducting penetration and other cyber related
tests/assessments, both cooperative and adversarial in nature. The
pentester employs best practices when conducting tests in a
methodical manner and succinctly reports the findings and methods
employed in a discrete manner.Performance shall include:Perform
oversight of the development, implementation, and evaluation of
information system security program policy; special emphasis
placedupon integration of existing SAP network
infrastructuresPerform analysis of network security, based upon the
Risk Management Framework (RMF) with emphasize on Joint Special
Access Program Implementation Guide (JSIG) authorization
processProvides expert support, research and analysis of
exceptionally complex problems, and processes relating to
themProvides expert level consultation and technical services on
all aspects of Information SecurityServes as technical expert to
the Cybersecurity Assessment Program providing technical direction,
interpretation and alternatives to complex problemsThinks
independently and demonstrates exceptional written and oral
communications skills. Applies advanced technical principles,
theories, and conceptsContributes to the development of new
principles, concepts, and methodologiesWorks on unusually complex
technical problems and provides highly innovative and ingenious
solutionsLead a team of System Security Engineers and Certification
and Accreditation Analysts responsible for ensuring the customers
national and international security interests are protected as
support equipment are designed and testedRecommends cybersecurity
software tools and assists in the development of software tool
requirements and selection criteria to include the development of
product specific STIGs from applicable DISA SRGsReview ISSE related
designs and provides security compliance recommendationsLeads
technical teams in implementation of predetermined long-range goals
and objectivesSupports customer and SAP community IA working
groups, participate in SSE IPT reviewsProvides expert level
consultation and technical services on all aspects of Information
SecurityReview ISSE related designs and provides security
compliance recommendationsDevelop and provide IA risk management
recommendations to the customerProvide ISSE support for Mission and
Training systems design and developmentAssist with development and
maintenance of the Program Protection PlanAssist with site
activation activities and design reviewsRepresent the customer in
various ISSE related working groups, advisory groups, and advisory
council meetingsChair and or Co-Chair customer and SAP community IA
working groups, participate in ISSE IPT reviewsRepresent the
customer in various SSE related working groups, advisory groups,
and advisory council meetingsStrong background in
Patch/Configuration management, DevOps, and tier 3 supportAssist
team to design, integrate, and implement JSIG/RMF Continuous
Monitoring tools and processesIntegrate COTS & GOTS products to
collect, display and remediate a variety of automated system
security and system operations/performance functions and
metricsPerform security assessments of servers/network
devices/security appliancesDevelop improvements to security
assessments about accuracy and efficiencyIntegrate ancillary
monitoring tools/capabilities with the enterprise security
information and event management (SIEM) and create/tailor complex
event alarms/rules and summary reportsWrite and execute
cybersecurity test procedures for validation of control
complianceMonitor/analyze output of cybersecurity related tools for
reportable security incidents and residual riskAnalyze technical
risk of emerging cybersecurity tools and processesWork as part of a
security incident response team as neededBuild operational
Operations and Maintenance (O& M) checklists to maintain the
service (daily, weekly, monthly, yearly O& M checklists); build
Tactics, Techniques and Processes (TTPs) and Standard Operating
Processes (SOPs) associated with service
checklistsIntegrate/Develop new techniques to improve
Confidentiality, Integrity, and Availability for networks/systems
operating at various classification levelsAdvanced technical
competency in one or more of the following supported platforms:
Microsoft Windows Server, Active Directory, Red Hat Enterprise
Linux servers, MS Hyper-V/VMWare/ESx/Xen Hypervisors, Enterprise
networking/firewalls/intrusion detection/prevention systems,
forensic analysis/vulnerability assessment, Group Policy management
and configuration, Scripting, BMC Footprints, WSUS,, Lumension,
Bitlocker, SQL Server 2012, TomCat, IIS, Windows Server
2012r2/2016, Win 10, Red Hat 6.5, Microsoft OfficeToolkits, SEIMs,
Logrhythm, ACAS/Nessus/SCAP, mandatory/role-based access control
concepts (e. g. SE Linux extensions to RHEL, PitBull, AppArmor, and
Sentris), video teleconferencing/VOIP, Oracle/MS SQL database
security, and Apache/IIS Web server
securityExperience/Education:12+ years related experience
requiredBachelor's degree in a related discipline or equivalent
experience (4 years) required8+ years experience in /Cyber
Pentesting preferredPrior performance in roles such as ISSO, ISSM,
SCA or SAP IT Technical Director preferredCertifications:Must meet
position and certification requirements outlined in DoD Directive
8570.01-M for Information Assurance Architect and Engineer Level I
or Information Assurance Architect and Engineer Level II within 6
months of the date of hireAt least one of the following: CEH, LPT,
eJPT, eCPPT, OSCP, GPen, GXPN, PenTest+, CRTOP, CPT, CEPT within 6
months of the date of hireSecurity Clearance:Current
TS/SCIEligibility for access to Special Access Program
InformationWillingness to submit to a Counterintelligence
polygraphOther Requirements:Must have expert knowledge of DoD,
National and applicable service and agency security policy,
manuals, and standards.Must have knowledge of DoD security policy,
manuals, and standards.Must have the ability to work in a dynamic
environment and effectively interact with numerous DOD,
military/civilian personnel and industry partners.Familiarity with
exploiting embedded systems (non-traditional IT).Familiarity with
DoD weapon systems.Knowledgeable on Python scripting.Sedentary:The
person in this position frequently communicates with co-workers,
management, and customers, which may involve delivering
presentations. Must be able to exchange accurate information in
these situationsThe person in this position needs to occasionally
move about inside the officeThe person in this position will need
to be able to operate a computer and other office productivity
machinery, such as a calculator, copy machine and computer
printer.Physical Requirements:Must be able to remain in a
stationary position 50%.Needs to occasionally move about inside the
office to access file cabinets, office machinery, etc.Constantly
operates a computer and other office productivity machinery, such
as a calculator, copy machine and computer printer.Often positions
self to maintain computers in the lab, including under the desks
and in the server closet.Frequently communicates with co-workers,
management, and customers, which may involve delivering
presentations. Must be able to exchange accurate information in
these situations.May be asked to move Audio/Visual or Computer
equipmentFor all positions requiring access to technology/software
source code that is subject to export control laws, employment with
the company is contingent on either verifying U.S.-person status or
obtaining any necessary license. The applicant will be required to
answer certain questions for export control purposes, and that
information will be reviewed by compliance personnel to ensure
compliance with federal law. ManTech may choose not to apply for a
license for such individuals whose access to export-controlled
technology or software source code may require authorization and
may decline to proceed with an applicant on that basis
alone.ManTech International Corporation, as well as its
subsidiaries proactively fulfills its role as an equal opportunity
employer. We do not discriminate against any employee or applicant
for employment because of race, color, sex, religion, age, sexual
orientation, gender identity and expression, national origin,
marital status, physical or mental disability, status as a Disabled
Veteran, Recently Separated Veteran, Active Duty Wartime or
Campaign Badge Veteran, Armed Forces Services Medal, or any other
characteristic protected by law.If you require a reasonable
accommodation to apply for a position with ManTech through its
online applicant system, please contact ManTech's Corporate EEO
Department at (703) 218-6000. ManTech is an affirmative
action/equal opportunity employer minorities, females, disabled and
protected veterans are urged to apply. ManTech's utilization of any
external recruitment or job placement agency is predicated upon its
full compliance with our equal opportunity/affirmative action
policies. ManTech does not accept resumes from unsolicited
recruiting firms. We pay no fees for unsolicited services.If you
are a qualified individual with a disability or a disabled veteran,
you have the right to request an accommodation if you are unable or
limited in your ability to use or access
Keywords: ManTech International Corporation, Lehi , Information Assurance Systems Security Engineer (Iasse) Ii, Other , Lehi, Utah
Click
here to apply!
|