SAIC is seeking a Senior Information Systems Security Engineer (ISSE), who can join our team and make an immediate impact through their creativity, enthusiasm and technical abilities. Our ISSE will assist in the progressing of the Maritime Global Command and Control System-Maritime (GCCS-M) Family of Systems (MGF) Authority To Operate (ATO) packages through the Risk Management Framework (RMF) process supporting Naval Information Warfare Center (NIWC) Pacific Code 532 – the MGF Software Support Activity. We aren’t looking for someone who will simply go through the motions, but someone willing to go beyond expectations, do something important, and make a true difference. This role is located in San Diego, CA.
As a Senior ISSE, your responsibilities will include:
- Manage, develop, and progress Risk Management Framework (RMF) packages through the Assessment and Accreditation (A&A) process and ultimately achieve Authority to Operate (ATP) approval from the Navy Approving Office (NAO) for MGF programs.
- Transitioning of previously approved or processed DoD Information Assurance Certification and Accreditation Process (DIACAP) packages to Risk Management Framework (RMF) as implemented by the Department of the Navy.
- Draft Risk Management Framework (RMF) Memoranda for the Record (MFR) as part of the Change Management Process including revised network diagrams, Assured Compliance Assessment Solutions (ACAS) scan results, System Technical Information Guides (STIG) checklists and hardware and software lists are updated, compiled, and entered into the review process.
- Perform ACAS security scans on all network assets as part of the network vulnerability management process.
Required Education and Experience:
- Bachelors and five (5) years or more experience; Masters and three (3) years or more experience; PhD and 0 years related experience.
- This position requires a Department of Defense Secret clearance.
- CompTIA Security +, and DoD Instruction 8570 IAT Level II certification.
- 3-5 years of experience in Cybersecurity and Risk Management Framework, including ACAS scans and STIG application, network security, and understanding of the RMF workflow process.
- Demonstrated experience with Information Assurance tools such as Defense Information System Agency (DISA) Enterprise Mission Assurance Support Service (eMASS), ACAS, and Security Content Automation Protocols (SCAP) scans.
- Working knowledge and ability to train others on eMASS, DoD Information Assurance Vulnerability Management (IAVM) Process, and Federal Information Assurance Management Act (FISMA) Process
- Effective written and verbal communication skills.
- Understanding of DoD Computer Network Defense (CND) policy and requirements and have cursory familiarity with CND tools and processes (e.g. network scanners; vulnerability mitigation; remediation; risk management).
- Working understanding of secure software development and assessment.
- Working knowledge of government processes and practices involved with safeguarding classified information.
- 5-7 years of experience in Cybersecurity and Risk Management Framework processes, and management of A&A processes to achieve ATO’s
- Navy Qualified Validator Level II certification