Information Systems Security Engineer

Company: Mitre Corporation
Location: Fairfax
Posted on: June 25, 2022

Job Description:

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges-and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day-working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities, and a culture of innovation that embraces diversity, inclusion, flexibility, collaboration, and career growth. If this sounds like the choice you want to make, then choose MITRE-and make a difference with us. The Information Systems Security Department (A211) in the Global Security Services Division (A110) is seeking to fill an Information System Security Engineer (ISSE) position. The selected candidate for the ISSE role will support multiple sponsors to p rovide Cyber Security Architecture Analysis and Security Engineering Support. As the ISSE, the selected candidate will perform tasks such as ensuring cyber security is baked into the design of new/existing operational environments; perform security authorization activities in compliance with Risk Management Framework ( RMF) policies and procedures to include: System Security Plans (SSPs), Risk Assessment Reports, A packages, and Security Controls Traceability Matrix (SCTM). Assist ISSMs/ISSOs in m aintaining operational security posture to ensure information systems (IS), security policies, standards, and procedures are established and followed. Performs vulnerability/risk assessment analysis to support Assessment & Authorization (A). Provides configuration management (CM) expertise for information system security software, hardware, and firmware and leads Change Control Board (CCB) meetings. Responsibilities include: Engineer cyber security solutions in support of multiple government sponsors. Perform and review technical security assessments of computing environments to identify points of vulnerability, non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies. Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources. Design and develop security designs for new or existing operational environments.Ensure that system designs support the incorporation cyber security vulnerability solutions. Provide expertise to course of action development. Identify, assess, and recommend cyber security products for use within an operational environment. Provide subject matter expertise to the development of a common operational picture. Develop and implement security vulnerability assessments and penetration tests. Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to acceptable security levels.Maintain operational security posture for an information system or program.Apply a full range of Cybersecurity policies, principles and techniques to maintain security integrity of information systems processing classified information. Conducting vulnerability scans and recognizing vulnerabilities in security systems Perform cyber defense trend analysis and reporting.Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk.Knowledge and understanding of cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity.Provide Configuration Management input for security-relevant information system software, hardware, and firmware; Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plan) Minimum Qualifications: Applicants selected for this position will be subject to a government security investigation and must meet eligibility requirements for access to classified information or applicants who are eligible for security clearances.Basic Qualifications: Typically requires a minimum of 5 years of related experience with a Bachelor's degree; or 3 years and a Master's degree; or a PhD with relevant experience who can immediately contribute at this job step; or equivalent combination of related education and work experience. Required Qualifications: Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. Develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. Ability to exercise judgment when policies are not well-defined. Knowledge of new and emerging IT and cybersecurity technologies.Effective communication skills (verbal and written) ensuring clear and effective communication with senior government leaders and technical peers.Experience with Risk Management Framework (RMF), NIST SP 800-53, Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker.Knowledge of SIPR and JWICS Assessment & Authorization (A) process.Knowledge of IT security principles and methods (e.g., firewalls, demilitarized zones, encryption).BS in Computer Science or equivalent field of study and 3 years related experience.In accordance with DoD 8570.01M, the selected candidate must meet the requirements of an IASAE Level II as a condition of employment.Possess and maintain an active Top Secret level security clearance.PreferredQualifications:Ability to contribute in a dynamic high tempo operational environment.Ability to correlate operational concepts and apply appropriate security measures to mitigate threats or vulnerabilities.Knowledge of computer networking concepts and protocols, and network security methodologies.Knowledge of authentication, authorization, and access control methods.Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting).Knowledge of incident response and handling methodologies.Knowledge of key concepts in security management (e.g., Release Management, Patch Management).Knowledge of cyber defense and information security policies, procedures, and regulations (e.g., RMF).Knowledge of Intrusion Detection System (IDS)/Intrusion.Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory service.Excellent organizational/communications skills and the ability to effectively interact with staff at all levels.This requisition requires the candidate to have a minimum of the following clearance(s):Top Secret, Top Secret/SCIThis requisition requires the hired candidate to have or obtain, within one year from the date of hire, the following clearance(s):Top Secret, Top Secret/SCISalary compensation range and midpoint:$107,500 - $134,500 - $161,500 AnnualSubject to all federal and state laws, rules and regulations, MITRE requires all employees to be fully vaccinated against COVID-19. Newly hired employees must be fully vaccinated prior to their employment start date. MITRE will provide reasonable accommodation to individuals who are legally entitled to an exemption under applicable laws so long as it does not create an undue hardship for MITRE and/or does not pose a direct threat to the health or safety of the employee or others in the workplace.MITRE is proud to be an equal opportunity employer. MITRE recruits, employs, trains, compensates, and promotes regardless of age; ancestry; color; family medical or genetic information; gender identity and expression; marital, military, or veteran status; national and ethnic origin; physical or mental disability; political affiliation; pregnancy; race; religion; sex; sexual orientation; and any other protected characteristics. For further information please visit the Equal Employment Opportunity Commission website EEO is the Law Poster , EEO is the Law Poster-Supplement and Pay Transparency . MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please contact MITRE's Recruiting Help Line at 703-983-8226 or email at recruitinghelp@mitre.org. Copyright - 1997-2021, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only. nBenefits information may be found here

Keywords: Mitre Corporation, Washington DC , Information Systems Security Engineer, IT / Software / Systems , Fairfax, DC