
Cleared Information Security Systems Engineer

Herndon (VA) | www.resume-library.com |
A Global Government Contracting Company is seeking a Cleared Information Security Systems Engineer to join their team in Northern VA or Palm Bay, FL!

You must have a TS/SCI clearance and this is 100% onsite.

Job Description:

Applies current systems security engineering methods, practices and technologies to the architecture, design, development, evaluation and integration of systems and networks to maintain system security. Works closely with Government customers to ensure that security protection needs, concerns and requirements are defined and implemented with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of the system, in a way that allows for the security authorization of the system of interest.

Works with systems developers or commercial product vendors in the design and evaluation of state-of-the-art secure systems, networks, and database products. Uses methods such as encryption technology, vulnerability analysis and security management.
Responsible for integrating multiple methods into a cohesive system security perimeter and environment, along with the policies and procedures necessary to monitor and maintain such an environment. Will prepare Certification and Accreditation documentation, using multiple standards under RMF and derivative processes (DOD 8510, JSIG, ICD-503, CNSSI 1253), to achieve security authorization of supported systems.
Represents program security needs, concerns and requirements at customer meetings.

Essential Functions:

Experience in Static Application Security Testing (SAST) for Application Security and Development STIG compliance using tools such as Fortify and GitLab as part of a DevSecOps Continuous Integration/Continuous Deployment (CI/CD) pipeline, and generation of summary reports.

Experience in Risk Management Framework (RMF) accreditation and authorization (A&A) processes to include RMF steps 1-4 (categorization, controls selection, control implementation, security assessment) and standard body of evidence (BoE) package development.

Understanding of security control inheritance in terms of IaaS, PaaS and SaaS relationships.

Experience with A&A package processing in eMASS and Xacta.

Experience in DoD software selection and approval processes for COTS, GOTS and FOSS.

Experience in the application of DISA SRGs and STIGs.

Experience with audit reduction tools such as Splunk.

Familiarity with Linux.

Support security engineering activities, including basis of estimate development, requirements development, design, test, configuration management and maintenance of information systems and data.

Assist program security in the development of policies and procedures for emerging security technologies.

Support vulnerability assessment activities as required.

Support the evaluation, qualification, testing and delivery of security architecture improvement, obsolescence replacement and vulnerability response projects.

Experience in configuration and use of cyber defense and vulnerability assessment tools such as ACAS and SCC.

Work is 100% on-site and cannot be accomplished remotely.

Qualifications:

Education:

Bachelor's Degree and minimum 4 years of prior relevant experience, or

Graduate Degree and a minimum of 2 years of prior related experience, or

In lieu of a degree, minimum of 8 years of prior related experience.

DOD 8570.01M IAT-3 or IASAE-2 certification.

Preferred Additional Skills:

Familiarity with Model Based System Engineering (UML, SysML, DoDAF).

Python/shell scripting experience and Red Hat Linux administrative skills.

Experience in C2S Cloud authorizations, FedRAMP and DISA CSP requirements.

Experience in the content development and administration of SIEM/audit reduction tools (e.g., Splunk) and cyber defense and vulnerability assessment tools (e.g., ACAS and SCC).

DOD 8570.01M IASAE-3 certification is desired.

Strong understanding of engineering processes, concepts and information security systems engineering principles (NIST SP 800-160 Vol. 1).

Foundational knowledge of Layer 3 network architecture and diagramming.

System test and evaluation methods and RMF assessment methodology & process.

Experience with CI/CD, agile system development, and DevSecOps tools and processes.

Understanding of system vulnerabilities and exploitation.

TS/SCI security clearance is required.

Kaztronix is an equal opportunity employer and does not discriminate on the basis of race, color, national origin, sex, age, religion, disability, veteran status or any other consideration made unlawful by federal, state or local laws. In addition, all human resource actions in such areas as compensation, employee benefits, transfers, layoffs, training and development are to be administered objectively, without regard to race, color, religion, age, sex, national origin, disability, veteran status or any other consideration made unlawful by federal, state or local laws.

By applying to the position, you acknowledge that your information will be used by Kaztronix in processing your application.