Information Systems Security Engineer
Company: Mitre Corporation
Location: Fairfax
Posted on: June 25, 2022
|
|
Job Description:
Why choose between doing meaningful work and having a fulfilling
life? At MITRE, you can have both. That's because MITRE people are
committed to tackling our nation's toughest challenges-and we're
committed to the long-term well-being of our employees. MITRE is
different from most technology companies. We are a not-for-profit
corporation chartered to work for the public interest, with no
commercial conflicts to influence what we do. The R centers we
operate for the government create lasting impact in fields as
diverse as cybersecurity, healthcare, aviation, defense, and
enterprise transformation. We're making a difference every
day-working for a safer, healthier, and more secure nation and
world. Our workplace reflects our values. We offer competitive
benefits, exceptional professional development opportunities, and a
culture of innovation that embraces diversity, inclusion,
flexibility, collaboration, and career growth. If this sounds like
the choice you want to make, then choose MITRE-and make a
difference with us. The Information Systems Security Department
(A211) in the Global Security Services Division (A110) is seeking
to fill an Information System Security Engineer (ISSE) position.
The selected candidate for the ISSE role will support multiple
sponsors to p rovide Cyber Security Architecture Analysis and
Security Engineering Support. As the ISSE, the selected candidate
will perform tasks such as ensuring cyber security is baked into
the design of new/existing operational environments; perform
security authorization activities in compliance with Risk
Management Framework ( RMF) policies and procedures to include:
System Security Plans (SSPs), Risk Assessment Reports, A packages,
and Security Controls Traceability Matrix (SCTM). Assist
ISSMs/ISSOs in m aintaining operational security posture to ensure
information systems (IS), security policies, standards, and
procedures are established and followed. Performs
vulnerability/risk assessment analysis to support Assessment &
Authorization (A). Provides configuration management (CM) expertise
for information system security software, hardware, and firmware
and leads Change Control Board (CCB) meetings. Responsibilities
include: Engineer cyber security solutions in support of multiple
government sponsors. Perform and review technical security
assessments of computing environments to identify points of
vulnerability, non-compliance with established cybersecurity
standards and regulations, and recommend mitigation strategies.
Characterize and analyze network traffic to identify anomalous
activity and potential threats to network resources. Design and
develop security designs for new or existing operational
environments.Ensure that system designs support the incorporation
cyber security vulnerability solutions. Provide expertise to course
of action development. Identify, assess, and recommend cyber
security products for use within an operational environment.
Provide subject matter expertise to the development of a common
operational picture. Develop and implement security vulnerability
assessments and penetration tests. Ensure that
cybersecurity-enabled products or other compensating security
control technologies reduce identified risk to acceptable security
levels.Maintain operational security posture for an information
system or program.Apply a full range of Cybersecurity policies,
principles and techniques to maintain security integrity of
information systems processing classified information. Conducting
vulnerability scans and recognizing vulnerabilities in security
systems Perform cyber defense trend analysis and reporting.Perform
security reviews and identify security gaps in security
architecture resulting in recommendations for inclusion in the
risk.Knowledge and understanding of cyber defense tools for
continual monitoring and analysis of system activity to identify
malicious activity.Provide Configuration Management input for
security-relevant information system software, hardware, and
firmware; Perform risk analysis (e.g., threat, vulnerability, and
probability of occurrence) whenever an application or system
undergoes a major change.Provide input to the Risk Management
Framework process activities and related documentation (e.g.,
system life-cycle support plan) Minimum Qualifications: Applicants
selected for this position will be subject to a government security
investigation and must meet eligibility requirements for access to
classified information or applicants who are eligible for security
clearances.Basic Qualifications: Typically requires a minimum of 5
years of related experience with a Bachelor's degree; or 3 years
and a Master's degree; or a PhD with relevant experience who can
immediately contribute at this job step; or equivalent combination
of related education and work experience. Required Qualifications:
Communicate complex information, concepts, or ideas in a confident
and well-organized manner through verbal, written, and/or visual
means. Develop or recommend analytic approaches or solutions to
problems and situations for which information is incomplete or for
which no precedent exists. Ability to exercise judgment when
policies are not well-defined. Knowledge of new and emerging IT and
cybersecurity technologies.Effective communication skills (verbal
and written) ensuring clear and effective communication with senior
government leaders and technical peers.Experience with Risk
Management Framework (RMF), NIST SP 800-53, Security Technical
Implementation Guides (STIGs) and Security Content Automation
Protocol (SCAP) Compliance Checker.Knowledge of SIPR and JWICS
Assessment & Authorization (A) process.Knowledge of IT security
principles and methods (e.g., firewalls, demilitarized zones,
encryption).BS in Computer Science or equivalent field of study and
3 years related experience.In accordance with DoD 8570.01M, the
selected candidate must meet the requirements of an IASAE Level II
as a condition of employment.Possess and maintain an active Top
Secret level security clearance.PreferredQualifications:Ability to
contribute in a dynamic high tempo operational environment.Ability
to correlate operational concepts and apply appropriate security
measures to mitigate threats or vulnerabilities.Knowledge of
computer networking concepts and protocols, and network security
methodologies.Knowledge of authentication, authorization, and
access control methods.Knowledge of system and application security
threats and vulnerabilities (e.g., buffer overflow, mobile code,
cross-site scripting).Knowledge of incident response and handling
methodologies.Knowledge of key concepts in security management
(e.g., Release Management, Patch Management).Knowledge of cyber
defense and information security policies, procedures, and
regulations (e.g., RMF).Knowledge of Intrusion Detection System
(IDS)/Intrusion.Knowledge of network protocols such as TCP/IP,
Dynamic Host Configuration, Domain Name System (DNS), and directory
service.Excellent organizational/communications skills and the
ability to effectively interact with staff at all levels.This
requisition requires the candidate to have a minimum of the
following clearance(s):Top Secret, Top Secret/SCIThis requisition
requires the hired candidate to have or obtain, within one year
from the date of hire, the following clearance(s):Top Secret, Top
Secret/SCISalary compensation range and midpoint:$107,500 -
$134,500 - $161,500 AnnualSubject to all federal and state laws,
rules and regulations, MITRE requires all employees to be fully
vaccinated against COVID-19. Newly hired employees must be fully
vaccinated prior to their employment start date. MITRE will provide
reasonable accommodation to individuals who are legally entitled to
an exemption under applicable laws so long as it does not create an
undue hardship for MITRE and/or does not pose a direct threat to
the health or safety of the employee or others in the
workplace.MITRE is proud to be an equal opportunity employer. MITRE
recruits, employs, trains, compensates, and promotes regardless of
age; ancestry; color; family medical or genetic information; gender
identity and expression; marital, military, or veteran status;
national and ethnic origin; physical or mental disability;
political affiliation; pregnancy; race; religion; sex; sexual
orientation; and any other protected characteristics. For further
information please visit the Equal Employment Opportunity
Commission website EEO is the Law Poster , EEO is the Law
Poster-Supplement and Pay Transparency . MITRE intends to maintain
a website that is fully accessible to all individuals. If you are
unable to search or apply for jobs and would like to request a
reasonable accommodation for any part of MITRE's employment
process, please contact MITRE's Recruiting Help Line at
703-983-8226 or email at recruitinghelp@mitre.org. Copyright -
1997-2021, The MITRE Corporation. All rights reserved. MITRE is a
registered trademark of The MITRE Corporation. Material on this
site may be copied and distributed with permission only. nBenefits
information may be found here
Keywords: Mitre Corporation, Washington DC , Information Systems Security Engineer, IT / Software / Systems , Fairfax, DC
Click
here to apply!
|